VirtualBox

Ticket #17496: b-2018-01-23-11-42-49_1

File b-2018-01-23-11-42-49_1, 344.3 KB (added by lalla, 7 years ago)
Line 
1f90.1c4c: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03ad700
2f90.1c4c: \SystemRoot\System32\ntdll.dll:
3f90.1c4c: CreationTime: 2017-09-14T15:08:19.219152600Z
4f90.1c4c: LastWriteTime: 2017-09-05T05:26:19.169608500Z
5f90.1c4c: ChangeTime: 2018-01-10T07:53:32.027740000Z
6f90.1c4c: FileAttributes: 0x20
7f90.1c4c: Size: 0x1d7658
8f90.1c4c: NT Headers: 0xe0
9f90.1c4c: Timestamp: 0x8274fd8b
10f90.1c4c: Machine: 0x8664 - amd64
11f90.1c4c: Timestamp: 0x8274fd8b
12f90.1c4c: Image Version: 10.0
13f90.1c4c: SizeOfImage: 0x1db000 (1945600)
14f90.1c4c: Resource Dir: 0x170000 LB 0x69448
15f90.1c4c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16f90.1c4c: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17f90.1c4c: ProductName: Microsoft® Windows® Operating System
18f90.1c4c: ProductVersion: 10.0.15063.608
19f90.1c4c: FileVersion: 10.0.15063.608 (WinBuild.160101.0800)
20f90.1c4c: FileDescription: NT Layer DLL
21f90.1c4c: \SystemRoot\System32\kernel32.dll:
22f90.1c4c: CreationTime: 2017-07-18T18:52:25.104163500Z
23f90.1c4c: LastWriteTime: 2017-07-18T18:52:25.135336800Z
24f90.1c4c: ChangeTime: 2018-01-10T07:53:31.396799100Z
25f90.1c4c: FileAttributes: 0x20
26f90.1c4c: Size: 0xad068
27f90.1c4c: NT Headers: 0xf8
28f90.1c4c: Timestamp: 0xf5fa43df
29f90.1c4c: Machine: 0x8664 - amd64
30f90.1c4c: Timestamp: 0xf5fa43df
31f90.1c4c: Image Version: 10.0
32f90.1c4c: SizeOfImage: 0xae000 (712704)
33f90.1c4c: Resource Dir: 0xac000 LB 0x520
34f90.1c4c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35f90.1c4c: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36f90.1c4c: ProductName: Microsoft® Windows® Operating System
37f90.1c4c: ProductVersion: 10.0.15063.296
38f90.1c4c: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
39f90.1c4c: FileDescription: Windows NT BASE API Client DLL
40f90.1c4c: \SystemRoot\System32\KernelBase.dll:
41f90.1c4c: CreationTime: 2017-11-15T07:19:46.957018000Z
42f90.1c4c: LastWriteTime: 2017-11-02T05:16:53.631004400Z
43f90.1c4c: ChangeTime: 2018-01-10T07:53:31.613848000Z
44f90.1c4c: FileAttributes: 0x20
45f90.1c4c: Size: 0x2499e8
46f90.1c4c: NT Headers: 0x100
47f90.1c4c: Timestamp: 0x1a9bbe0b
48f90.1c4c: Machine: 0x8664 - amd64
49f90.1c4c: Timestamp: 0x1a9bbe0b
50f90.1c4c: Image Version: 10.0
51f90.1c4c: SizeOfImage: 0x249000 (2396160)
52f90.1c4c: Resource Dir: 0x22a000 LB 0x548
53f90.1c4c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54f90.1c4c: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
55f90.1c4c: ProductName: Microsoft® Windows® Operating System
56f90.1c4c: ProductVersion: 10.0.15063.726
57f90.1c4c: FileVersion: 10.0.15063.726 (WinBuild.160101.0800)
58f90.1c4c: FileDescription: Windows NT BASE API Client DLL
59f90.1c4c: \SystemRoot\System32\apisetschema.dll:
60f90.1c4c: CreationTime: 2017-03-18T20:57:35.373527900Z
61f90.1c4c: LastWriteTime: 2017-03-18T20:57:35.373527900Z
62f90.1c4c: ChangeTime: 2017-07-18T18:35:45.025491600Z
63f90.1c4c: FileAttributes: 0x20
64f90.1c4c: Size: 0x1ada0
65f90.1c4c: NT Headers: 0xc0
66f90.1c4c: Timestamp: 0x76544b2
67f90.1c4c: Machine: 0x8664 - amd64
68f90.1c4c: Timestamp: 0x76544b2
69f90.1c4c: Image Version: 10.0
70f90.1c4c: SizeOfImage: 0x1b000 (110592)
71f90.1c4c: Resource Dir: 0x1a000 LB 0x408
72f90.1c4c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73f90.1c4c: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
74f90.1c4c: ProductName: Microsoft® Windows® Operating System
75f90.1c4c: ProductVersion: 10.0.15063.0
76f90.1c4c: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
77f90.1c4c: FileDescription: ApiSet Schema DLL
78f90.1c4c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
79f90.1c4c: supR3HardenedWinFindAdversaries: 0x0
80f90.1c4c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
81f90.1c4c: Calling main()
82f90.1c4c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
83f90.1c4c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
84f90.1c4c: SUPR3HardenedMain: Respawn #1
85f90.1c4c: System32: \Device\HarddiskVolume4\WINDOWS\System32
86f90.1c4c: WinSxS: \Device\HarddiskVolume4\WINDOWS\WinSxS
87f90.1c4c: KnownDllPath: C:\WINDOWS\System32
88f90.1c4c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
89f90.1c4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
90f90.1c4c: supR3HardNtEnableThreadCreation:
91f90.1c4c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8dcc69ac0 pvNtTerminateThread=00007ff8dcc95df0
92f90.1c4c: supR3HardenedWinDoReSpawn(1): New child 908.568 [kernel32].
93f90.1c4c: supR3HardNtChildGatherData: PebBaseAddress=0000000000d4e000 cbPeb=0x388
94f90.1c4c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8dcbf0000 uNtDllChildAddr=00007ff8dcbf0000
95f90.1c4c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8dcc69ac0
96f90.1c4c: supR3HardenedWinSetupChildInit: Start child.
97f90.1c4c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 18 ms.
98f90.1c4c: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 23 sleeps
99f90.1c4c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
100f90.1c4c: *0000000000000000-0000000000a5ffff 0x0001/0x0000 0x0000000
101f90.1c4c: *0000000000a60000-0000000000a7ffff 0x0004/0x0004 0x0020000
102f90.1c4c: *0000000000a80000-0000000000a97fff 0x0002/0x0002 0x0040000
103f90.1c4c: 0000000000a98000-0000000000a9ffff 0x0001/0x0000 0x0000000
104f90.1c4c: *0000000000aa0000-0000000000b9afff 0x0000/0x0004 0x0020000
105f90.1c4c: 0000000000b9b000-0000000000b9dfff 0x0104/0x0004 0x0020000
106f90.1c4c: 0000000000b9e000-0000000000b9ffff 0x0004/0x0004 0x0020000
107f90.1c4c: *0000000000ba0000-0000000000ba3fff 0x0002/0x0002 0x0040000
108f90.1c4c: 0000000000ba4000-0000000000baffff 0x0001/0x0000 0x0000000
109f90.1c4c: *0000000000bb0000-0000000000bb0fff 0x0004/0x0004 0x0020000
110f90.1c4c: 0000000000bb1000-0000000000bfffff 0x0001/0x0000 0x0000000
111f90.1c4c: *0000000000c00000-0000000000d4dfff 0x0000/0x0004 0x0020000
112f90.1c4c: 0000000000d4e000-0000000000d50fff 0x0004/0x0004 0x0020000
113f90.1c4c: 0000000000d51000-0000000000dfffff 0x0000/0x0004 0x0020000
114f90.1c4c: 0000000000e00000-000000007ffdffff 0x0001/0x0000 0x0000000
115f90.1c4c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
116f90.1c4c: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
117f90.1c4c: 000000007fff0000-00007ff73637ffff 0x0001/0x0000 0x0000000
118f90.1c4c: *00007ff736380000-00007ff7363a2fff 0x0002/0x0002 0x0040000
119f90.1c4c: 00007ff7363a3000-00007ff736ebffff 0x0001/0x0000 0x0000000
120f90.1c4c: *00007ff736ec0000-00007ff736ec0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
121f90.1c4c: 00007ff736ec1000-00007ff736f31fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
122f90.1c4c: 00007ff736f32000-00007ff736f32fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
123f90.1c4c: 00007ff736f33000-00007ff736f78fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
124f90.1c4c: 00007ff736f79000-00007ff736f79fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
125f90.1c4c: 00007ff736f7a000-00007ff736f7afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
126f90.1c4c: 00007ff736f7b000-00007ff736f7ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
127f90.1c4c: 00007ff736f80000-00007ff736f80fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
128f90.1c4c: 00007ff736f81000-00007ff736f81fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
129f90.1c4c: 00007ff736f82000-00007ff736f85fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
130f90.1c4c: 00007ff736f86000-00007ff736fcdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
131f90.1c4c: 00007ff736fce000-00007ff8dcbeffff 0x0001/0x0000 0x0000000
132f90.1c4c: *00007ff8dcbf0000-00007ff8dcbf0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\WINDOWS\System32\ntdll.dll
133f90.1c4c: 00007ff8dcbf1000-00007ff8dccfffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\WINDOWS\System32\ntdll.dll
134f90.1c4c: 00007ff8dcd00000-00007ff8dcd44fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\WINDOWS\System32\ntdll.dll
135f90.1c4c: 00007ff8dcd45000-00007ff8dcd4cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\WINDOWS\System32\ntdll.dll
136f90.1c4c: 00007ff8dcd4d000-00007ff8dcd5afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\WINDOWS\System32\ntdll.dll
137f90.1c4c: 00007ff8dcd5b000-00007ff8dcd5bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\WINDOWS\System32\ntdll.dll
138f90.1c4c: 00007ff8dcd5c000-00007ff8dcd5efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\WINDOWS\System32\ntdll.dll
139f90.1c4c: 00007ff8dcd5f000-00007ff8dcdcafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\WINDOWS\System32\ntdll.dll
140f90.1c4c: 00007ff8dcdcb000-00007ffffffdffff 0x0001/0x0000 0x0000000
141f90.1c4c: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
142f90.1c4c: VirtualBox.exe: timestamp 0x5a5cc1cb (rc=VINF_SUCCESS)
143f90.1c4c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
144f90.1c4c: '\Device\HarddiskVolume4\WINDOWS\System32\ntdll.dll' has no imports
145f90.1c4c: supR3HardNtChildPurify: Done after 302 ms and 0 fixes (loop #0).
146908.568: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
147908.568: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8dcbf0000 g_uNtVerCombined=0xa03ad700
148908.568: ntdll.dll: timestamp 0x8274fd8b (rc=VINF_SUCCESS)
149908.568: New simple heap: #1 0000000000f00000 LB 0x400000 (for 1945600 allocation)
150f90.1c4c: supR3HardNtEnableThreadCreation:
151908.568: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
152908.568: System32: \Device\HarddiskVolume4\WINDOWS\System32
153908.568: WinSxS: \Device\HarddiskVolume4\WINDOWS\WinSxS
154908.568: KnownDllPath: C:\WINDOWS\System32
155908.568: supR3HardenedVmProcessInit: Opening vboxdrv stub...
156908.568: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
157908.568: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
158908.568: Registered Dll notification callback with NTDLL.
159908.568: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\kernel32.dll)
160908.568: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\kernel32.dll
161908.568: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
162908.568: supR3HardenedDllNotificationCallback: load 00007ff8d99d0000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
163908.568: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\KernelBase.dll)
164908.568: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\KernelBase.dll
165908.568: supR3HardenedDllNotificationCallback: load 00007ff8dabb0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
166908.568: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\kernel32.dll [lacks WinVerifyTrust]
167908.568: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dabb0000 'C:\WINDOWS\System32\KERNEL32.DLL'
168908.568: supR3HardenedDllNotificationCallback: load 00007ff736ec0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
169908.568: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
170908.568: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
171908.568: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
172908.568: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8dcc69ac0 pvNtTerminateThread=00007ff8dcc95df0
173f90.1c4c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 180 ms.
174908.568: \SystemRoot\System32\ntdll.dll:
175908.568: CreationTime: 2017-09-14T15:08:19.219152600Z
176908.568: LastWriteTime: 2017-09-05T05:26:19.169608500Z
177908.568: ChangeTime: 2018-01-10T07:53:32.027740000Z
178908.568: FileAttributes: 0x20
179908.568: Size: 0x1d7658
180908.568: NT Headers: 0xe0
181908.568: Timestamp: 0x8274fd8b
182908.568: Machine: 0x8664 - amd64
183908.568: Timestamp: 0x8274fd8b
184908.568: Image Version: 10.0
185908.568: SizeOfImage: 0x1db000 (1945600)
186908.568: Resource Dir: 0x170000 LB 0x69448
187908.568: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
188908.568: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
189908.568: ProductName: Microsoft® Windows® Operating System
190908.568: ProductVersion: 10.0.15063.608
191908.568: FileVersion: 10.0.15063.608 (WinBuild.160101.0800)
192908.568: FileDescription: NT Layer DLL
193908.568: \SystemRoot\System32\kernel32.dll:
194908.568: CreationTime: 2017-07-18T18:52:25.104163500Z
195908.568: LastWriteTime: 2017-07-18T18:52:25.135336800Z
196908.568: ChangeTime: 2018-01-10T07:53:31.396799100Z
197908.568: FileAttributes: 0x20
198908.568: Size: 0xad068
199908.568: NT Headers: 0xf8
200908.568: Timestamp: 0xf5fa43df
201908.568: Machine: 0x8664 - amd64
202908.568: Timestamp: 0xf5fa43df
203908.568: Image Version: 10.0
204908.568: SizeOfImage: 0xae000 (712704)
205908.568: Resource Dir: 0xac000 LB 0x520
206908.568: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
207908.568: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
208908.568: ProductName: Microsoft® Windows® Operating System
209908.568: ProductVersion: 10.0.15063.296
210908.568: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
211908.568: FileDescription: Windows NT BASE API Client DLL
212908.568: \SystemRoot\System32\KernelBase.dll:
213908.568: CreationTime: 2017-11-15T07:19:46.957018000Z
214908.568: LastWriteTime: 2017-11-02T05:16:53.631004400Z
215908.568: ChangeTime: 2018-01-10T07:53:31.613848000Z
216908.568: FileAttributes: 0x20
217908.568: Size: 0x2499e8
218908.568: NT Headers: 0x100
219908.568: Timestamp: 0x1a9bbe0b
220908.568: Machine: 0x8664 - amd64
221908.568: Timestamp: 0x1a9bbe0b
222908.568: Image Version: 10.0
223908.568: SizeOfImage: 0x249000 (2396160)
224908.568: Resource Dir: 0x22a000 LB 0x548
225908.568: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
226908.568: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
227908.568: ProductName: Microsoft® Windows® Operating System
228908.568: ProductVersion: 10.0.15063.726
229908.568: FileVersion: 10.0.15063.726 (WinBuild.160101.0800)
230908.568: FileDescription: Windows NT BASE API Client DLL
231908.568: \SystemRoot\System32\apisetschema.dll:
232908.568: CreationTime: 2017-03-18T20:57:35.373527900Z
233908.568: LastWriteTime: 2017-03-18T20:57:35.373527900Z
234908.568: ChangeTime: 2017-07-18T18:35:45.025491600Z
235908.568: FileAttributes: 0x20
236908.568: Size: 0x1ada0
237908.568: NT Headers: 0xc0
238908.568: Timestamp: 0x76544b2
239908.568: Machine: 0x8664 - amd64
240908.568: Timestamp: 0x76544b2
241908.568: Image Version: 10.0
242908.568: SizeOfImage: 0x1b000 (110592)
243908.568: Resource Dir: 0x1a000 LB 0x408
244908.568: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
245908.568: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
246908.568: ProductName: Microsoft® Windows® Operating System
247908.568: ProductVersion: 10.0.15063.0
248908.568: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
249908.568: FileDescription: ApiSet Schema DLL
250908.568: NtOpenDirectoryObject failed on \Driver: 0xc0000022
251908.568: supR3HardenedWinFindAdversaries: 0x0
252908.568: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
253908.568: Calling main()
254908.568: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
255908.568: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
256908.568: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
257908.568: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
258908.568: SUPR3HardenedMain: Respawn #2
259908.568: supR3HardNtEnableThreadCreation:
260908.568: '\Device\HarddiskVolume4\WINDOWS\System32\ntdll.dll' has no imports
261908.568: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\ntdll.dll)
262908.568: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\ntdll.dll
263908.568: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
264908.568: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dcbf0000 'C:\WINDOWS\System32\ntdll.dll'
265908.568: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8dcc69ac0 pvNtTerminateThread=00007ff8dcc95df0
266908.568: supR3HardenedWinDoReSpawn(2): New child 15e4.1388 [kernel32].
267908.568: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
268908.568: supR3HardNtChildGatherData: PebBaseAddress=00000000003b7000 cbPeb=0x388
269908.568: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8dcbf0000 uNtDllChildAddr=00007ff8dcbf0000
270908.568: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8dcc69ac0
271908.568: supR3HardenedWinSetupChildInit: Start child.
272908.568: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
273908.568: supR3HardNtChildPurify: Startup delay kludge #1/0: 257 ms, 27 sleeps
274908.568: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
275908.568: *0000000000000000-000000000005ffff 0x0001/0x0000 0x0000000
276908.568: *0000000000060000-000000000007ffff 0x0004/0x0004 0x0020000
277908.568: *0000000000080000-0000000000097fff 0x0002/0x0002 0x0040000
278908.568: 0000000000098000-000000000009ffff 0x0001/0x0000 0x0000000
279908.568: *00000000000a0000-000000000019afff 0x0000/0x0004 0x0020000
280908.568: 000000000019b000-000000000019dfff 0x0104/0x0004 0x0020000
281908.568: 000000000019e000-000000000019ffff 0x0004/0x0004 0x0020000
282908.568: *00000000001a0000-00000000001a3fff 0x0002/0x0002 0x0040000
283908.568: 00000000001a4000-00000000001affff 0x0001/0x0000 0x0000000
284908.568: *00000000001b0000-00000000001b0fff 0x0004/0x0004 0x0020000
285908.568: 00000000001b1000-00000000001fffff 0x0001/0x0000 0x0000000
286908.568: *0000000000200000-00000000003b6fff 0x0000/0x0004 0x0020000
287908.568: 00000000003b7000-00000000003b9fff 0x0004/0x0004 0x0020000
288908.568: 00000000003ba000-00000000003fffff 0x0000/0x0004 0x0020000
289908.568: 0000000000400000-000000007ffdffff 0x0001/0x0000 0x0000000
290908.568: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
291908.568: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
292908.568: 000000007fff0000-00007ff73616ffff 0x0001/0x0000 0x0000000
293908.568: *00007ff736170000-00007ff736192fff 0x0002/0x0002 0x0040000
294908.568: 00007ff736193000-00007ff736ebffff 0x0001/0x0000 0x0000000
295908.568: *00007ff736ec0000-00007ff736ec0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
296908.568: 00007ff736ec1000-00007ff736f31fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
297908.568: 00007ff736f32000-00007ff736f32fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
298908.568: 00007ff736f33000-00007ff736f78fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
299908.568: 00007ff736f79000-00007ff736f79fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
300908.568: 00007ff736f7a000-00007ff736f7afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
301908.568: 00007ff736f7b000-00007ff736f7ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
302908.568: 00007ff736f80000-00007ff736f80fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
303908.568: 00007ff736f81000-00007ff736f81fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
304908.568: 00007ff736f82000-00007ff736f85fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
305908.568: 00007ff736f86000-00007ff736fcdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
306908.568: 00007ff736fce000-00007ff8dcbeffff 0x0001/0x0000 0x0000000
307908.568: *00007ff8dcbf0000-00007ff8dcbf0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\WINDOWS\System32\ntdll.dll
308908.568: 00007ff8dcbf1000-00007ff8dccfffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\WINDOWS\System32\ntdll.dll
309908.568: 00007ff8dcd00000-00007ff8dcd44fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\WINDOWS\System32\ntdll.dll
310908.568: 00007ff8dcd45000-00007ff8dcd4cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\WINDOWS\System32\ntdll.dll
311908.568: 00007ff8dcd4d000-00007ff8dcd5afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\WINDOWS\System32\ntdll.dll
312908.568: 00007ff8dcd5b000-00007ff8dcd5bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\WINDOWS\System32\ntdll.dll
313908.568: 00007ff8dcd5c000-00007ff8dcd5efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\WINDOWS\System32\ntdll.dll
314908.568: 00007ff8dcd5f000-00007ff8dcdcafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\WINDOWS\System32\ntdll.dll
315908.568: 00007ff8dcdcb000-00007ffffffdffff 0x0001/0x0000 0x0000000
316908.568: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
317908.568: VirtualBox.exe: timestamp 0x5a5cc1cb (rc=VINF_SUCCESS)
318908.568: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
319908.568: '\Device\HarddiskVolume4\WINDOWS\System32\ntdll.dll' has no imports
320908.568: supR3HardNtChildPurify: Done after 298 ms and 0 fixes (loop #0).
32115e4.1388: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
32215e4.1388: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8dcbf0000 g_uNtVerCombined=0xa03ad700
32315e4.1388: ntdll.dll: timestamp 0x8274fd8b (rc=VINF_SUCCESS)
32415e4.1388: New simple heap: #1 0000000000500000 LB 0x400000 (for 1945600 allocation)
325908.568: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000f00000 LB 0x400000)
326908.568: supR3HardNtEnableThreadCreation:
32715e4.1388: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
32815e4.1388: System32: \Device\HarddiskVolume4\WINDOWS\System32
32915e4.1388: WinSxS: \Device\HarddiskVolume4\WINDOWS\WinSxS
33015e4.1388: KnownDllPath: C:\WINDOWS\System32
33115e4.1388: supR3HardenedVmProcessInit: Opening vboxdrv...
33215e4.1388: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
33315e4.1388: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
33415e4.1388: Registered Dll notification callback with NTDLL.
33515e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\kernel32.dll)
33615e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\kernel32.dll
33715e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
33815e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d99d0000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
33915e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\KernelBase.dll)
34015e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\KernelBase.dll
34115e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8dabb0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
34215e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\kernel32.dll [lacks WinVerifyTrust]
34315e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dabb0000 'C:\WINDOWS\System32\KERNEL32.DLL'
34415e4.1388: supR3HardenedDllNotificationCallback: load 00007ff736ec0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
34515e4.1388: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
34615e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
34715e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
34815e4.1388: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8dcc69ac0 pvNtTerminateThread=00007ff8dcc95df0
349908.568: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 110 ms.
35015e4.1388: \SystemRoot\System32\ntdll.dll:
35115e4.1388: CreationTime: 2017-09-14T15:08:19.219152600Z
35215e4.1388: LastWriteTime: 2017-09-05T05:26:19.169608500Z
35315e4.1388: ChangeTime: 2018-01-10T07:53:32.027740000Z
35415e4.1388: FileAttributes: 0x20
35515e4.1388: Size: 0x1d7658
35615e4.1388: NT Headers: 0xe0
35715e4.1388: Timestamp: 0x8274fd8b
35815e4.1388: Machine: 0x8664 - amd64
35915e4.1388: Timestamp: 0x8274fd8b
36015e4.1388: Image Version: 10.0
36115e4.1388: SizeOfImage: 0x1db000 (1945600)
36215e4.1388: Resource Dir: 0x170000 LB 0x69448
36315e4.1388: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
36415e4.1388: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
36515e4.1388: ProductName: Microsoft® Windows® Operating System
36615e4.1388: ProductVersion: 10.0.15063.608
36715e4.1388: FileVersion: 10.0.15063.608 (WinBuild.160101.0800)
36815e4.1388: FileDescription: NT Layer DLL
36915e4.1388: \SystemRoot\System32\kernel32.dll:
37015e4.1388: CreationTime: 2017-07-18T18:52:25.104163500Z
37115e4.1388: LastWriteTime: 2017-07-18T18:52:25.135336800Z
37215e4.1388: ChangeTime: 2018-01-10T07:53:31.396799100Z
37315e4.1388: FileAttributes: 0x20
37415e4.1388: Size: 0xad068
37515e4.1388: NT Headers: 0xf8
37615e4.1388: Timestamp: 0xf5fa43df
37715e4.1388: Machine: 0x8664 - amd64
37815e4.1388: Timestamp: 0xf5fa43df
37915e4.1388: Image Version: 10.0
38015e4.1388: SizeOfImage: 0xae000 (712704)
38115e4.1388: Resource Dir: 0xac000 LB 0x520
38215e4.1388: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
38315e4.1388: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
38415e4.1388: ProductName: Microsoft® Windows® Operating System
38515e4.1388: ProductVersion: 10.0.15063.296
38615e4.1388: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
38715e4.1388: FileDescription: Windows NT BASE API Client DLL
38815e4.1388: \SystemRoot\System32\KernelBase.dll:
38915e4.1388: CreationTime: 2017-11-15T07:19:46.957018000Z
39015e4.1388: LastWriteTime: 2017-11-02T05:16:53.631004400Z
39115e4.1388: ChangeTime: 2018-01-10T07:53:31.613848000Z
39215e4.1388: FileAttributes: 0x20
39315e4.1388: Size: 0x2499e8
39415e4.1388: NT Headers: 0x100
39515e4.1388: Timestamp: 0x1a9bbe0b
39615e4.1388: Machine: 0x8664 - amd64
39715e4.1388: Timestamp: 0x1a9bbe0b
39815e4.1388: Image Version: 10.0
39915e4.1388: SizeOfImage: 0x249000 (2396160)
40015e4.1388: Resource Dir: 0x22a000 LB 0x548
40115e4.1388: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
40215e4.1388: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
40315e4.1388: ProductName: Microsoft® Windows® Operating System
40415e4.1388: ProductVersion: 10.0.15063.726
40515e4.1388: FileVersion: 10.0.15063.726 (WinBuild.160101.0800)
40615e4.1388: FileDescription: Windows NT BASE API Client DLL
40715e4.1388: \SystemRoot\System32\apisetschema.dll:
40815e4.1388: CreationTime: 2017-03-18T20:57:35.373527900Z
40915e4.1388: LastWriteTime: 2017-03-18T20:57:35.373527900Z
41015e4.1388: ChangeTime: 2017-07-18T18:35:45.025491600Z
41115e4.1388: FileAttributes: 0x20
41215e4.1388: Size: 0x1ada0
41315e4.1388: NT Headers: 0xc0
41415e4.1388: Timestamp: 0x76544b2
41515e4.1388: Machine: 0x8664 - amd64
41615e4.1388: Timestamp: 0x76544b2
41715e4.1388: Image Version: 10.0
41815e4.1388: SizeOfImage: 0x1b000 (110592)
41915e4.1388: Resource Dir: 0x1a000 LB 0x408
42015e4.1388: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
42115e4.1388: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
42215e4.1388: ProductName: Microsoft® Windows® Operating System
42315e4.1388: ProductVersion: 10.0.15063.0
42415e4.1388: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
42515e4.1388: FileDescription: ApiSet Schema DLL
42615e4.1388: NtOpenDirectoryObject failed on \Driver: 0xc0000022
42715e4.1388: supR3HardenedWinFindAdversaries: 0x0
42815e4.1388: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
42915e4.1388: Calling main()
43015e4.1388: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
43115e4.1388: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
43215e4.1388: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
43315e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
43415e4.1388: SUPR3HardenedMain: Final process, opening VBoxDrv...
43515e4.1388: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000500000 LB 0x400000)
43615e4.1388: supR3HardNtEnableThreadCreation:
43715e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
43815e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
43915e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
44015e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
44115e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8b5b50000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
44215e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
44315e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
44415e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
44515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b5b50000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
44615e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
44715e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
44815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b5b50000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
44915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b5b50000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
45015e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
45115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
45215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
45315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
45415e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\wintrust.dll)
45515e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\wintrust.dll
45615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
45715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
45815e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll)
45915e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll
46015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
46115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\crypt32.dll' [rcNtRedir=0xc0150008]
46215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'.
46315e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\crypt32.dll)
46415e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\crypt32.dll
46515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
46615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msasn1.dll' [rcNtRedir=0xc0150008]
46715e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\msasn1.dll)
46815e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\msasn1.dll
46915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
47015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
47115e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll)
47215e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll
47315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
47415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msasn1.dll' [rcNtRedir=0xc0150008]
47515e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msasn1.dll [lacks WinVerifyTrust]
47615e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
47715e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8da6b0000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
47815e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll [lacks WinVerifyTrust]
47915e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d90b0000 LB 0x00011000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
48015e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msasn1.dll [lacks WinVerifyTrust]
48115e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d91d0000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
48215e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\ucrtbase.dll)
48315e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\ucrtbase.dll
48415e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d9f60000 LB 0x001c9000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
48515e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\crypt32.dll [lacks WinVerifyTrust]
48615e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8da2f0000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
48715e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll [lacks WinVerifyTrust]
48815e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8dc4f0000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
48915e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
49015e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\sechost.dll)
49115e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\sechost.dll
49215e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8da790000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
49315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
49415e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
49515e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
49615e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\advapi32.dll)
49715e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\advapi32.dll
49815e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d9db0000 LB 0x00056000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
49915e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
50015e4.1388: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
50115e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
50215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d99d0000 'api-ms-win-core-synch-l1-2-0'
50315e4.1388: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
50415e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
50515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d99d0000 'api-ms-win-core-fibers-l1-1-1'
50615e4.1388: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
50715e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
50815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d99d0000 'api-ms-win-core-fibers-l1-1-1'
50915e4.1388: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
51015e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
51115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d99d0000 'api-ms-win-core-synch-l1-2-0'
51215e4.1388: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
51315e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
51415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d99d0000 'api-ms-win-core-localization-l1-2-1'
51515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9db0000 'C:\WINDOWS\system32\Wintrust.dll'
51615e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\bcrypt.dll)
51715e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\bcrypt.dll
51815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
51915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
52015e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll [lacks WinVerifyTrust]
52115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
52215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\sechost.dll' [rcNtRedir=0xc0150008]
52315e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\sechost.dll [lacks WinVerifyTrust]
52415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
52515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
52615e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll [lacks WinVerifyTrust]
52715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
52815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
52915e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll [lacks WinVerifyTrust]
53015e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
53115e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\bcrypt.dll [lacks WinVerifyTrust]
53215e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d8c20000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
53315e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\bcrypt.dll [lacks WinVerifyTrust]
53415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8c20000 'C:\WINDOWS\system32\bcrypt.dll'
53515e4.1388: bcrypt.dll loaded at 00007ff8d8c20000, BCryptOpenAlgorithmProvider at 00007ff8d8c24aa0, preloading providers:
53615e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\bcryptprimitives.dll)
53715e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\bcryptprimitives.dll
53815e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
53915e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d9110000 LB 0x0006a000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
54015e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
54115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9110000 'C:\WINDOWS\system32\bcryptprimitives.dll'
54215e4.1388: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000a6e310)
54315e4.1388: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000a6f130)
54415e4.1388: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000a6fc10)
54515e4.1388: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000a6fee0)
54615e4.1388: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000a701b0)
54715e4.1388: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000a70480)
54815e4.1388: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000a70750)
54915e4.1388: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000a70a20)
55015e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
55115e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
55215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9db0000 'C:\Windows\System32\WINTRUST.DLL'
55315e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
55415e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
55515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9db0000 'C:\Windows\System32\WINTRUST.DLL'
55615e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
55715e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
55815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9db0000 'C:\Windows\System32\WINTRUST.DLL'
55915e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
56015e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
56115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9db0000 'C:\Windows\System32\WINTRUST.DLL'
56215e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
56315e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
56415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9db0000 'C:\Windows\System32\WINTRUST.DLL'
56515e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
56615e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
56715e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9db0000 'C:\Windows\System32\WINTRUST.DLL'
56815e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
56915e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
57015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9db0000 'C:\Windows\System32\WINTRUST.DLL'
57115e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\cryptsp.dll)
57215e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\cryptsp.dll
57315e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d8b20000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
57415e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\cryptsp.dll [lacks WinVerifyTrust]
57515e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
57615e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll)
57715e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll
57815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
57915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
58015e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\bcrypt.dll [lacks WinVerifyTrust]
58115e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
58215e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll [lacks WinVerifyTrust]
58315e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d8530000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
58415e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll [lacks WinVerifyTrust]
58515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
58615e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
58715e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\cryptbase.dll)
58815e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\cryptbase.dll
58915e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d8b10000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
59015e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\cryptbase.dll [lacks WinVerifyTrust]
59115e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\kernel32.dll [lacks WinVerifyTrust]
59215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
59315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
59415e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
59515e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
59615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dabb0000 'C:\WINDOWS\System32\kernel32.dll'
59715e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
59815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9db0000 'C:\Windows\System32\WINTRUST.DLL'
59915e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\crypt32.dll [lacks WinVerifyTrust]
60015e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
60115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\CRYPT32.dll'
60215e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8dca30000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
60315e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\imagehlp.dll)
60415e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\imagehlp.dll
60515e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll [lacks WinVerifyTrust]
60615e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
60715e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
60815e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
60915e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
61015e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'crypt32.dll'.
61115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'bcrypt.dll'.
61215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ncrypt.dll'.
61315e4.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\WINDOWS\System32\ngcrecovery.dll)
61415e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\ngcrecovery.dll
61515e4.1388: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000001f8 (hFile=00000000000001f0) with 0xc0000022 -> STATUS_TRUST_FAILURE
61615e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
61715e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
61815e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\gpapi.dll)
61915e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\gpapi.dll
62015e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d7e00000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
62115e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\gpapi.dll [lacks WinVerifyTrust]
62215e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d90d0000 LB 0x00015000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
62315e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\profapi.dll)
62415e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\profapi.dll
62515e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
62615e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
62715e4.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\WINDOWS\System32\cryptnet.dll)
62815e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\cryptnet.dll
62915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
63015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\crypt32.dll' [rcNtRedir=0xc0150008]
63115e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\crypt32.dll [lacks WinVerifyTrust]
63215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
63315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
63415e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll [lacks WinVerifyTrust]
63515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
63615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
63715e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll [lacks WinVerifyTrust]
63815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
63915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
64015e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll [lacks WinVerifyTrust]
64115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ncrypt.dll'...
64215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ncrypt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\ncrypt.dll' [rcNtRedir=0xc0150008]
64315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
64415e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ntasn1.dll'.
64515e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\ncrypt.dll)
64615e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\ncrypt.dll
64715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
64815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
64915e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\bcrypt.dll [lacks WinVerifyTrust]
65015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
65115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\crypt32.dll' [rcNtRedir=0xc0150008]
65215e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\crypt32.dll [lacks WinVerifyTrust]
65315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
65415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
65515e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll [lacks WinVerifyTrust]
65615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
65715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
65815e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\msvcp_win.dll)
65915e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\msvcp_win.dll
66015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
66115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
66215e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\ntasn1.dll)
66315e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\ntasn1.dll
66415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
66515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
66615e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\bcrypt.dll [lacks WinVerifyTrust]
66715e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
66815e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\WINDOWS\System32\cryptnet.dll [lacks WinVerifyTrust]
66915e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8c9be0000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
67015e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\WINDOWS\System32\cryptnet.dll [lacks WinVerifyTrust]
67115e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\WINDOWS\System32\cryptnet.dll [lacks WinVerifyTrust]
67215e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
67315e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c9be0000 'C:\WINDOWS\System32\cryptnet.dll'
67415e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\WINDOWS\System32\cryptnet.dll [lacks WinVerifyTrust]
67515e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
67615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c9be0000 'C:\WINDOWS\System32\cryptnet.dll'
67715e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\WINDOWS\System32\cryptnet.dll [lacks WinVerifyTrust]
67815e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
67915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c9be0000 'C:\WINDOWS\System32\cryptnet.dll'
68015e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\WINDOWS\System32\cryptnet.dll [lacks WinVerifyTrust]
68115e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
68215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c9be0000 'C:\WINDOWS\System32\cryptnet.dll'
68315e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\WINDOWS\System32\cryptnet.dll [lacks WinVerifyTrust]
68415e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
68515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c9be0000 'C:\WINDOWS\System32\cryptnet.dll'
68615e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\WINDOWS\System32\cryptnet.dll [lacks WinVerifyTrust]
68715e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
68815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c9be0000 'C:\WINDOWS\System32\cryptnet.dll'
68915e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\WINDOWS\System32\cryptnet.dll [lacks WinVerifyTrust]
69015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c9be0000 'C:\WINDOWS\System32\cryptnet.dll'
69115e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\WINDOWS\System32\cryptnet.dll [lacks WinVerifyTrust]
69215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c9be0000 'C:\WINDOWS\System32\cryptnet.dll'
69315e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\WINDOWS\System32\cryptnet.dll [lacks WinVerifyTrust]
69415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c9be0000 'C:\WINDOWS\System32\cryptnet.dll'
69515e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\WINDOWS\System32\cryptnet.dll [lacks WinVerifyTrust]
69615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c9be0000 'C:\WINDOWS\System32\cryptnet.dll'
69715e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\WINDOWS\System32\cryptnet.dll [lacks WinVerifyTrust]
69815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c9be0000 'C:\WINDOWS\System32\cryptnet.dll'
69915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c9be0000 'C:\WINDOWS\System32\cryptnet.dll'
70015e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\WINDOWS\System32\cryptnet.dll [lacks WinVerifyTrust]
70115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c9be0000 'C:\Windows\System32\cryptnet.dll'
70215e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll [lacks WinVerifyTrust]
70315e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
70415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
70515e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\crypt32.dll [lacks WinVerifyTrust]
70615e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
70715e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
70815e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
70915e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000ac29f0
71015e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ac29f0
71115e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AD38255A6DCCC09B45A72579827544B1B25F4681
71215e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll [lacks WinVerifyTrust]
71315e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
71415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da2f0000 'C:\WINDOWS\System32\rpcrt4.dll'
71515e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
71615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9db0000 'C:\Windows\System32\WINTRUST.DLL'
71715e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
71815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9db0000 'C:\Windows\System32\WINTRUST.DLL'
71915e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
72015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9db0000 'C:\Windows\System32\WINTRUST.DLL'
72115e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
72215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9db0000 'C:\Windows\System32\WINTRUST.DLL'
72315e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
72415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9db0000 'C:\Windows\System32\WINTRUST.DLL'
72515e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
72615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9db0000 'C:\Windows\System32\WINTRUST.DLL'
72715e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wintrust.dll [lacks WinVerifyTrust]
72815e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
72915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9db0000 'C:\Windows\System32\WINTRUST.DLL'
73015e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll [lacks WinVerifyTrust]
73115e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
73215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
73315e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\crypt32.dll [lacks WinVerifyTrust]
73415e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
73515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
73615e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2148_for_KB4053580~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\SystemRoot\System32\ntdll.dll'
73715e4.1388: g_pfnWinVerifyTrust=00007ff8d9dbd3e0
73815e4.1388: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\crypt32.dll [redoing WinVerifyTrust]
73915e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll [lacks WinVerifyTrust]
74015e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
74115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
74215e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\crypt32.dll [lacks WinVerifyTrust]
74315e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
74415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
74515e4.1388: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\crypt32.dll'
74615e4.1388: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wintrust.dll [redoing WinVerifyTrust]
74715e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll [lacks WinVerifyTrust]
74815e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
74915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
75015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
75115e4.1388: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\wintrust.dll'
75215e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll [lacks WinVerifyTrust]
75315e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
75415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
75515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
75615e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\ntasn1.dll'
75715e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll [lacks WinVerifyTrust]
75815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
75915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
76015e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\msvcp_win.dll'
76115e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll [lacks WinVerifyTrust]
76215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
76315e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
76415e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\ncrypt.dll'
76515e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume4\WINDOWS\System32\cryptnet.dll
76615e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ac29f0
76715e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ac29f0
76815e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=30DAE41220776EDDC1F05DDBB10EE8379CC41546
76915e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll [lacks WinVerifyTrust]
77015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
77115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
77215e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-onecore-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\WINDOWS\System32\cryptnet.dll'
77315e4.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
77415e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\cryptnet.dll'
77515e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll [lacks WinVerifyTrust]
77615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
77715e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
77815e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\profapi.dll'
77915e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll [lacks WinVerifyTrust]
78015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
78115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
78215e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\gpapi.dll'
78315e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001f4 pwszName=\Device\HarddiskVolume4\WINDOWS\System32\ngcrecovery.dll
78415e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ac29f0
78515e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ac29f0
78615e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6E3EA9BEFE875CD90A66DCBEEF4C761ACAC3755E
78715e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll [lacks WinVerifyTrust]
78815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
78915e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\crypt32.dll
79015e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
79115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
79215e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1593_for_KB4053580~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\WINDOWS\System32\ngcrecovery.dll'
79315e4.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
79415e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\ngcrecovery.dll'
79515e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll [lacks WinVerifyTrust]
79615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
79715e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
79815e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\imagehlp.dll'
79915e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll [lacks WinVerifyTrust]
80015e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
80115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
80215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
80315e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\cryptbase.dll'
80415e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll [lacks WinVerifyTrust]
80515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
80615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
80715e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll'
80815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
80915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
81015e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\cryptsp.dll'
81115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
81215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
81315e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\bcryptprimitives.dll'
81415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
81515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
81615e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\bcrypt.dll'
81715e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
81815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
81915e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\advapi32.dll'
82015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
82115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
82215e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\sechost.dll'
82315e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
82415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
82515e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\ucrtbase.dll'
82615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
82715e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
82815e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll'
82915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
83015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
83115e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\msasn1.dll'
83215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
83315e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
83415e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll'
83515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
83615e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
83715e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
83815e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
83915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
84015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
84115e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\KernelBase.dll'
84215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
84315e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
84415e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\kernel32.dll'
84515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\system32\crypt32.dll'
84615e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
84715e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
84815e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
84915e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
85015e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
85115e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
85215e4.1388: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Non-Public SHA256 CA - G3
85315e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
85415e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
85515e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
85615e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x9a67a632ec92d800 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Non-Public Root CA - R2
85715e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
85815e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
85915e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
86015e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
86115e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
86215e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
86315e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
86415e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
86515e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
86615e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
86715e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
86815e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
86915e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
87015e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
87115e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
87215e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
87315e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
87415e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
87515e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
87615e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
87715e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
87815e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
87915e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
88015e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
88115e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
88215e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
88315e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
88415e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
88515e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
88615e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
88715e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
88815e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
88915e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
89015e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
89115e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
89215e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
89315e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
89415e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
89515e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
89615e4.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
89715e4.1388: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=50
89815e4.1388: SUPR3HardenedMain: Load Runtime...
89915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
90015e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
90115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
90215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
90315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
90415e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
90515e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
90615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
90715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
90815e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll
90915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
91015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
91115e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll
91215e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
91315e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
91415e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\crypt32.dll
91515e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
91615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
91715e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
91815e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\ws2_32.dll) WinVerifyTrust
91915e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\ws2_32.dll
92015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
92115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
92215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
92315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
92415e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll
92515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
92615e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
92715e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
92815e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
92915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
93015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
93115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
93215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
93315e4.1388: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
93415e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
93515e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
93615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
93715e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
93815e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
93915e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
94015e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
94115e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
94215e4.1388: supR3HardenedDllNotificationCallback: load 0000000065910000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
94315e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
94415e4.1388: supR3HardenedDllNotificationCallback: load 0000000065870000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
94515e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
94615e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8da1b0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
94715e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\ws2_32.dll
94815e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8b48b0000 LB 0x00590000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
94915e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
95015e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
95115e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
95215e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
95315e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
95415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
95515e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
95615e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
95715e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
95815e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
95915e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
96015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
96115e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
96215e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
96315e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
96415e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
96515e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
96615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
96715e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
96815e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
96915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97315e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97715e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
97815e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
97915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98315e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98715e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99315e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99515e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
99615e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
99715e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
100015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b48b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
100115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9db0000 'C:\WINDOWS\system32\Wintrust.dll'
100215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
100315e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
100415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
100515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
100615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\system32\crypt32.dll'
100715e4.1388: SUPR3HardenedMain: Load TrustedMain...
100815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
100915e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
101015e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
101115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
101215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
101315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
101415e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
101515e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
101615e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
101715e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
101815e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
101915e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
102015e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
102115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
102215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
102315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
102415e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
102515e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
102615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
102715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\winmm.dll' [rcNtRedir=0xc0150008]
102815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
102915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
103015e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
103115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
103215e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\winmm.dll) WinVerifyTrust
103315e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\winmm.dll
103415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
103515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
103615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
103715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
103815e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll
103915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
104015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
104115e4.1388: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\winmmbase.dll'.
104215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
104315e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\winmmbase.dll)
104415e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\winmmbase.dll
104515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
104615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
104715e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll
104815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
104915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
105015e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
105115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
105215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
105315e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\oleaut32.dll) WinVerifyTrust
105415e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\oleaut32.dll
105515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
105615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\ole32.dll' [rcNtRedir=0xc0150008]
105715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
105815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
105915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
106015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\combase.dll' [rcNtRedir=0xc0150008]
106115e4.1388: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\combase.dll'.
106215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
106315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'bcryptprimitives.dll'.
106415e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\combase.dll)
106515e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\combase.dll
106615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
106715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
106815e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msvcp_win.dll
106915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
107015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
107115e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\bcryptprimitives.dll
107215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
107315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
107415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
107515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
107615e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'.
107715e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
107815e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
107915e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
108015e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\ole32.dll) WinVerifyTrust
108115e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\ole32.dll
108215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
108315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\shell32.dll' [rcNtRedir=0xc0150008]
108415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
108515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\combase.dll' [rcNtRedir=0xc0150008]
108615e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\combase.dll [lacks WinVerifyTrust]
108715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
108815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
108915e4.1388: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll'.
109015e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
109115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
109215e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\user32.dll)
109315e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\user32.dll
109415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
109515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll' [rcNtRedir=0xc0150008]
109615e4.1388: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll'.
109715e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll)
109815e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll
109915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
110015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
110115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
110215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll' [rcNtRedir=0xc0150008]
110315e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll [lacks WinVerifyTrust]
110415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
110515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\win32u.dll' [rcNtRedir=0xc0150008]
110615e4.1388: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\win32u.dll'.
110715e4.1388: '\Device\HarddiskVolume4\WINDOWS\System32\win32u.dll' has no imports
110815e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\win32u.dll)
110915e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\win32u.dll
111015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
111115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
111215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
111315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'user32.dll'.
111415e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #69 'gdi32.dll'.
111515e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\shell32.dll) WinVerifyTrust
111615e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\shell32.dll
111715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
111815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\advapi32.dll' [rcNtRedir=0xc0150008]
111915e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\advapi32.dll
112015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
112115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
112215e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\user32.dll [redoing WinVerifyTrust]
112315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
112415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll' [rcNtRedir=0xc0150008]
112515e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll [lacks WinVerifyTrust]
112615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
112715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
112815e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\user32.dll [lacks WinVerifyTrust]
112915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
113015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
113115e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll
113215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
113315e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
113415e4.1388: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll'
113515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
113615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
113715e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
113815e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
113915e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
114015e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
114115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
114215e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
114315e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
114415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
114515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
114615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
114715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
114815e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
114915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
115015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
115115e4.1388: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
115215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
115315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
115415e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
115515e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
115615e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
115715e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
115815e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
115915e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
116015e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
116115e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
116215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
116315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
116415e4.1388: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
116515e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
116615e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
116715e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
116815e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
116915e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
117015e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
117115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
117215e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
117315e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
117415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
117515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
117615e4.1388: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
117715e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
117815e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
117915e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
118015e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
118115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
118215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
118315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
118415e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
118515e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
118615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
118715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
118815e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
118915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
119015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
119115e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
119215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
119315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\shell32.dll' [rcNtRedir=0xc0150008]
119415e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\shell32.dll
119515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
119615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
119715e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
119815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
119915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
120015e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
120115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
120215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
120315e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\user32.dll
120415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
120515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll' [rcNtRedir=0xc0150008]
120615e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll [lacks WinVerifyTrust]
120715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
120815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
120915e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
121015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
121115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
121215e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
121315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
121415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
121515e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
121615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
121715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
121815e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\user32.dll
121915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
122015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll' [rcNtRedir=0xc0150008]
122115e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll [lacks WinVerifyTrust]
122215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
122315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\opengl32.dll' [rcNtRedir=0xc0150008]
122415e4.1388: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\WINDOWS\System32\opengl32.dll'.
122515e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
122615e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
122715e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
122815e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
122915e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
123015e4.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\WINDOWS\System32\opengl32.dll)
123115e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\opengl32.dll
123215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
123315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\ole32.dll' [rcNtRedir=0xc0150008]
123415e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\ole32.dll
123515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
123615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
123715e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
123815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
123915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
124015e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
124115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
124215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\mpr.dll' [rcNtRedir=0xc0150008]
124315e4.1388: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\mpr.dll'.
124415e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\mpr.dll)
124515e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\mpr.dll
124615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
124715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
124815e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\ws2_32.dll
124915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
125015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\advapi32.dll' [rcNtRedir=0xc0150008]
125115e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\advapi32.dll
125215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
125315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\ole32.dll' [rcNtRedir=0xc0150008]
125415e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\ole32.dll
125515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
125615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\shell32.dll' [rcNtRedir=0xc0150008]
125715e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\shell32.dll
125815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
125915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
126015e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\user32.dll
126115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
126215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\glu32.dll' [rcNtRedir=0xc0150008]
126315e4.1388: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\WINDOWS\System32\glu32.dll'.
126415e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
126515e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
126615e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
126715e4.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\WINDOWS\System32\glu32.dll)
126815e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\glu32.dll
126915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
127015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll' [rcNtRedir=0xc0150008]
127115e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll [lacks WinVerifyTrust]
127215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
127315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
127415e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\user32.dll
127515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
127615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\advapi32.dll' [rcNtRedir=0xc0150008]
127715e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\advapi32.dll
127815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
127915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
128015e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll
128115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
128215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\opengl32.dll' [rcNtRedir=0xc0150008]
128315e4.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\WINDOWS\System32\opengl32.dll [lacks WinVerifyTrust]
128415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
128515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
128615e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\user32.dll
128715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
128815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
128915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
129015e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
129115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
129215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
129315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
129415e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
129515e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
129615e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
129715e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
129815e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
129915e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
130015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
130115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
130215e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
130315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
130415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
130515e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
130615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
130715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
130815e4.1388: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\WINDOWS\System32\comdlg32.dll'.
130915e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
131015e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
131115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'shlwapi.dll'.
131215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
131315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'comctl32.dll'.
131415e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'shell32.dll'.
131515e4.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\WINDOWS\System32\comdlg32.dll)
131615e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\comdlg32.dll
131715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
131815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\WINDOWS\System32\winspool.drv' [rcNtRedir=0xc0150008]
131915e4.1388: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\WINDOWS\System32\winspool.drv'.
132015e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
132115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcrypt.dll'.
132215e4.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\WINDOWS\System32\winspool.drv)
132315e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\winspool.drv
132415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
132515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
132615e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
132715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
132815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
132915e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
133015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
133115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
133215e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
133315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
133415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
133515e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\user32.dll
133615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
133715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll' [rcNtRedir=0xc0150008]
133815e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll [lacks WinVerifyTrust]
133915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
134015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
134115e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\bcrypt.dll
134215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
134315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
134415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
134515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\shell32.dll' [rcNtRedir=0xc0150008]
134615e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\shell32.dll
134715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
134815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\comctl32.dll' [rcNtRedir=0x0]
134915e4.1388: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\comctl32.dll'.
135015e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
135115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
135215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
135315e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\comctl32.dll)
135415e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\comctl32.dll
135515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
135615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll' [rcNtRedir=0xc0150008]
135715e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll [lacks WinVerifyTrust]
135815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
135915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
136015e4.1388: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\shlwapi.dll'.
136115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
136215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
136315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
136415e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\shlwapi.dll)
136515e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\shlwapi.dll
136615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
136715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
136815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
136915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
137015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
137115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
137215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
137315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll' [rcNtRedir=0xc0150008]
137415e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll [lacks WinVerifyTrust]
137515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
137615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
137715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
137815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
137915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
138015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll' [rcNtRedir=0xc0150008]
138115e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll [lacks WinVerifyTrust]
138215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
138315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\advapi32.dll' [rcNtRedir=0xc0150008]
138415e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\advapi32.dll
138515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
138615e4.1388: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
138715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
138815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
138915e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
139015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
139115e4.1388: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
139215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
139315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
139415e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
139515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
139615e4.1388: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
139715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
139815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
139915e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
140015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
140115e4.1388: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
140215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
140315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
140415e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
140515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
140615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
140715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
140815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\opengl32.dll' [rcNtRedir=0xc0150008]
140915e4.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\WINDOWS\System32\opengl32.dll [redoing WinVerifyTrust]
141015e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume4\WINDOWS\System32\opengl32.dll
141115e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ac29f0
141215e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ac29f0
141315e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C84CAE716539BA897604EBDDBAB05F52E4868A0
141415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
141515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
141615e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\WINDOWS\System32\opengl32.dll'
141715e4.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
141815e4.1388: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\opengl32.dll'
141915e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
142015e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
142115e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\opengl32.dll
142215e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
142315e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
142415e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
142515e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
142615e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
142715e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\winmm.dll
142815e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\WINDOWS\System32\glu32.dll [avoiding WinVerifyTrust]
142915e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\mpr.dll [avoiding WinVerifyTrust]
143015e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\WINDOWS\System32\winspool.drv [avoiding WinVerifyTrust]
143115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
143215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
143315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
143415e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll)
143515e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll
143615e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\winmmbase.dll [avoiding WinVerifyTrust]
143715e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8da130000 LB 0x0001e000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
143815e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\win32u.dll [avoiding WinVerifyTrust]
143915e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d9e10000 LB 0x0009a000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
144015e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msvcp_win.dll
144115e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d9c20000 LB 0x00187000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
144215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
144315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'gdi32.dll'.
144415e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
144515e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'win32u.dll'.
144615e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\gdi32full.dll)
144715e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\gdi32full.dll
144815e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8da750000 LB 0x00027000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
144915e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll [avoiding WinVerifyTrust]
145015e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8da420000 LB 0x0014a000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
145115e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8b5430000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
145215e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\WINDOWS\System32\glu32.dll [avoiding WinVerifyTrust]
145315e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8b3a00000 LB 0x00121000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
145415e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\opengl32.dll
145515e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d9180000 LB 0x00049000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
145615e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\cfgmgr32.dll)
145715e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\cfgmgr32.dll
145815e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8dc730000 LB 0x002f9000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
145915e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\combase.dll [avoiding WinVerifyTrust]
146015e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8dab00000 LB 0x000aa000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
146115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
146215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'.
146315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'.
146415e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\SHCore.dll)
146515e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\SHCore.dll
146615e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8dc5d0000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
146715e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\shlwapi.dll [avoiding WinVerifyTrust]
146815e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d90f0000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
146915e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
147015e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
147115e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\kernel.appcore.dll)
147215e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\kernel.appcore.dll
147315e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d9060000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
147415e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
147515e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\powrprof.dll)
147615e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\powrprof.dll
147715e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d92d0000 LB 0x006f1000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
147815e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
147915e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
148015e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
148115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'profapi.dll'.
148215e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\windows.storage.dll)
148315e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\windows.storage.dll
148415e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8dac70000 LB 0x01437000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
148515e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\shell32.dll
148615e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8da840000 LB 0x00145000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
148715e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\ole32.dll
148815e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8cc1b0000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
148915e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\mpr.dll [avoiding WinVerifyTrust]
149015e4.1388: supR3HardenedDllNotificationCallback: load 0000000065300000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
149115e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
149215e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8b3400000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
149315e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
149415e4.1388: supR3HardenedDllNotificationCallback: load 0000000064d90000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
149515e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
149615e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8cdc90000 LB 0x0008a000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
149715e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\WINDOWS\System32\winspool.drv [avoiding WinVerifyTrust]
149815e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8ca7e0000 LB 0x000a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\COMCTL32.dll [fFlags=0x0]
149915e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll [avoiding WinVerifyTrust]
150015e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8da5a0000 LB 0x00108000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
150115e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\WINDOWS\System32\comdlg32.dll [avoiding WinVerifyTrust]
150215e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8b33a0000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
150315e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
150415e4.1388: supR3HardenedDllNotificationCallback: load 0000000064d30000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
150515e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
150615e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8da220000 LB 0x000c0000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
150715e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\oleaut32.dll
150815e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d6230000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
150915e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\winmmbase.dll [avoiding WinVerifyTrust]
151015e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d6260000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
151115e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\winmm.dll
151215e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8b3c00000 LB 0x00a33000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
151315e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
151415e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\windows.storage.dll'.
151515e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\WINDOWS\System32\windows.storage.dll' [rescheduled]
151615e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\powrprof.dll'.
151715e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\WINDOWS\System32\powrprof.dll' [rescheduled]
151815e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\kernel.appcore.dll'.
151915e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\WINDOWS\System32\kernel.appcore.dll' [rescheduled]
152015e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\SHCore.dll'.
152115e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\WINDOWS\System32\SHCore.dll' [rescheduled]
152215e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\cfgmgr32.dll'.
152315e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\WINDOWS\System32\cfgmgr32.dll' [rescheduled]
152415e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\gdi32full.dll'.
152515e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\WINDOWS\System32\gdi32full.dll' [rescheduled]
152615e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll'.
152715e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll' [rescheduled]
152815e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\shlwapi.dll'.
152915e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\WINDOWS\System32\shlwapi.dll' [rescheduled]
153015e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\comctl32.dll'.
153115e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\WINDOWS\System32\comctl32.dll' [rescheduled]
153215e4.1388: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\WINDOWS\System32\winspool.drv'.
153315e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\WINDOWS\System32\winspool.drv' [rescheduled]
153415e4.1388: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\WINDOWS\System32\comdlg32.dll'.
153515e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\WINDOWS\System32\comdlg32.dll' [rescheduled]
153615e4.1388: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\WINDOWS\System32\glu32.dll'.
153715e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\WINDOWS\System32\glu32.dll' [rescheduled]
153815e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\mpr.dll'.
153915e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\WINDOWS\System32\mpr.dll' [rescheduled]
154015e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\win32u.dll'.
154115e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\WINDOWS\System32\win32u.dll' [rescheduled]
154215e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll'.
154315e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll' [rescheduled]
154415e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\combase.dll'.
154515e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\WINDOWS\System32\combase.dll' [rescheduled]
154615e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\winmmbase.dll'.
154715e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\WINDOWS\System32\winmmbase.dll' [rescheduled]
154815e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\kernel32.dll
154915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
155015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\profapi.dll' [rcNtRedir=0xc0150008]
155115e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\profapi.dll
155215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
155315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\combase.dll' [rcNtRedir=0xc0150008]
155415e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\combase.dll [redoing WinVerifyTrust]
155515e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\combase.dll'.
155615e4.1388: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\WINDOWS\System32\combase.dll
155715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
155815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
155915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
156015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
156115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
156215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
156315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
156415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
156515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
156615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
156715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
156815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\combase.dll' [rcNtRedir=0xc0150008]
156915e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\combase.dll [redoing WinVerifyTrust]
157015e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\combase.dll'.
157115e4.1388: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\WINDOWS\System32\combase.dll
157215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
157315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
157415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
157515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
157615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
157715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\win32u.dll' [rcNtRedir=0xc0150008]
157815e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\win32u.dll [redoing WinVerifyTrust]
157915e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\win32u.dll'.
158015e4.1388: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\WINDOWS\System32\win32u.dll
158115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
158215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
158315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
158415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll' [rcNtRedir=0xc0150008]
158515e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll [redoing WinVerifyTrust]
158615e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll'.
158715e4.1388: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll
158815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
158915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
159015e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msvcp_win.dll
159115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
159215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
159315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
159415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll' [rcNtRedir=0xc0150008]
159515e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll [redoing WinVerifyTrust]
159615e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll'.
159715e4.1388: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll
159815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
159915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\advapi32.dll' [rcNtRedir=0xc0150008]
160015e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\advapi32.dll
160115e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
160215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dabb0000 'C:\WINDOWS\System32\kernel32.dll'
160315e4.1388: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
160415e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
160515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d99d0000 'api-ms-win-core-string-l1-1-0'
160615e4.1388: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
160715e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
160815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d99d0000 'api-ms-win-core-datetime-l1-1-1'
160915e4.1388: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
161015e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
161115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d99d0000 'api-ms-win-core-localization-obsolete-l1-2-0'
161215e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\imm32.dll'.
161315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
161415e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'win32u.dll'.
161515e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\imm32.dll)
161615e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\imm32.dll
161715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
161815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\win32u.dll' [rcNtRedir=0xc0150008]
161915e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\win32u.dll [redoing WinVerifyTrust]
162015e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\win32u.dll'.
162115e4.1388: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\WINDOWS\System32\win32u.dll
162215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
162315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
162415e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
162515e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8da570000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
162615e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\imm32.dll [avoiding WinVerifyTrust]
162715e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da570000 'C:\WINDOWS\system32\IMM32.DLL'
162815e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\imm32.dll'.
162915e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\WINDOWS\System32\imm32.dll' [rescheduled]
163015e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\imm32.dll [redoing WinVerifyTrust]
163115e4.1388: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\imm32.dll'.
163215e4.1388: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\WINDOWS\System32\imm32.dll
163315e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
163415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da570000 'C:\WINDOWS\System32\imm32.dll'
163515e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\advapi32.dll
163615e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
163715e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da790000 'C:\WINDOWS\System32\ADVAPI32.DLL'
163815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3c00000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
163915e4.1388: SUPR3HardenedMain: Calling TrustedMain (00007ff8b3c014f0)...
164015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
164115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
164215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
164315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
164415e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
164515e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
164615e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
164715e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
164815e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
164915e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
165015e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
165115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
165215e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
165315e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
165415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
165515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
165615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
165715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
165815e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
165915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
166015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
166115e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
166215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
166315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\advapi32.dll' [rcNtRedir=0xc0150008]
166415e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\advapi32.dll
166515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
166615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\shell32.dll' [rcNtRedir=0xc0150008]
166715e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\shell32.dll
166815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
166915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
167015e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\oleaut32.dll
167115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
167215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\winmm.dll' [rcNtRedir=0xc0150008]
167315e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\winmm.dll
167415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
167515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\imm32.dll' [rcNtRedir=0xc0150008]
167615e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\imm32.dll [redoing WinVerifyTrust]
167715e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
167815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
167915e4.1388: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\imm32.dll'
168015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
168115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
168215e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\user32.dll
168315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
168415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\ole32.dll' [rcNtRedir=0xc0150008]
168515e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\ole32.dll
168615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
168715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll' [rcNtRedir=0xc0150008]
168815e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll [redoing WinVerifyTrust]
168915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
169015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
169115e4.1388: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll'
169215e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
169315e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
169415e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8b2b80000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
169515e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
169615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b2b80000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
169715e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000650 pwszName=\Device\HarddiskVolume4\WINDOWS\System32\uxtheme.dll
169815e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ac29f0
169915e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ac29f0
170015e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B531FF2B0DDEF1474B5898F2B0278778FD6901AD
170115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
170215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
170315e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\WINDOWS\System32\uxtheme.dll'
170415e4.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
170515e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
170615e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
170715e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
170815e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\uxtheme.dll) WinVerifyTrust
170915e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\uxtheme.dll
171015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
171115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
171215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
171315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll' [rcNtRedir=0xc0150008]
171415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
171515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
171615e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll
171715e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
171815e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\uxtheme.dll
171915e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d77b0000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
172015e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\uxtheme.dll
172115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d77b0000 'C:\WINDOWS\system32\uxtheme.dll'
172215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da420000 'C:\WINDOWS\system32\user32.dll'
172315e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\shell32.dll
172415e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
172515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dac70000 'C:\WINDOWS\system32\shell32.dll'
172615e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\SHCore.dll [redoing WinVerifyTrust]
172715e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
172815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
172915e4.1388: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\SHCore.dll'
173015e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
173115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dab00000 'C:\WINDOWS\system32\SHCore.dll'
173215e4.1388: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
173315e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
173415e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
173515e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'win32u.dll'.
173615e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
173715e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
173815e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\dwmapi.dll)
173915e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\dwmapi.dll
174015e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d61d0000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
174115e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\dwmapi.dll [avoiding WinVerifyTrust]
174215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
174315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll' [rcNtRedir=0xc0150008]
174415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
174515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
174615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
174715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\win32u.dll' [rcNtRedir=0xc0150008]
174815e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\win32u.dll [lacks WinVerifyTrust]
174915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
175015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
175115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
175215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
175315e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\dwmapi.dll'
175415e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\winmm.dll
175515e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
175615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\system32\winmm.dll'
175715e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\winmm.dll
175815e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
175915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\system32\winmm.dll'
176015e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\shell32.dll
176115e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
176215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dac70000 'C:\WINDOWS\system32\shell32.dll'
176315e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\uxtheme.dll
176415e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
176515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d77b0000 'C:\WINDOWS\system32\uxtheme.dll'
176615e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\advapi32.dll
176715e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
176815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da790000 'C:\WINDOWS\system32\advapi32.dll'
176915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
177015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
177115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
177215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'profapi.dll'.
177315e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\userenv.dll) WinVerifyTrust
177415e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\userenv.dll
177515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
177615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\profapi.dll' [rcNtRedir=0xc0150008]
177715e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\profapi.dll
177815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
177915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
178015e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll
178115e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
178215e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\userenv.dll
178315e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d8f60000 LB 0x00029000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
178415e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\userenv.dll
178515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8f60000 'C:\WINDOWS\system32\userenv.dll'
178615e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\kernel32.dll
178715e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
178815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dabb0000 'C:\WINDOWS\System32\kernel32.dll'
178915e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8dc630000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
179015e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
179115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
179215e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\clbcatq.dll)
179315e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\clbcatq.dll
179415e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
179515e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
179615e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
179715e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
179815e4.9fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
179915e4.9fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
180015e4.9fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\clbcatq.dll'
180115e4.9fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
180215e4.9fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
180315e4.9fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
180415e4.9fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
180515e4.9fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
180615e4.9fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
180715e4.9fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
180815e4.9fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
180915e4.9fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
181015e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
181115e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
181215e4.9fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\oleaut32.dll
181315e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
181415e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\ole32.dll' [rcNtRedir=0xc0150008]
181515e4.9fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\ole32.dll
181615e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
181715e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\advapi32.dll' [rcNtRedir=0xc0150008]
181815e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
181915e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
182015e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
182115e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
182215e4.9fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
182315e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
182415e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
182515e4.9fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
182615e4.9fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
182715e4.9fc: supR3HardenedDllNotificationCallback: load 00007ff8b2490000 LB 0x00544000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
182815e4.9fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
182915e4.9fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b2490000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
183015e4.9fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
183115e4.9fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
183215e4.9fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
183315e4.9fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
183415e4.9fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
183515e4.9fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
183615e4.9fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
183715e4.9fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
183815e4.9fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
183915e4.9fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
184015e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
184115e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
184215e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
184315e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
184415e4.9fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\oleaut32.dll
184515e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
184615e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\ole32.dll' [rcNtRedir=0xc0150008]
184715e4.9fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\ole32.dll
184815e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
184915e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
185015e4.9fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\shlwapi.dll [redoing WinVerifyTrust]
185115e4.9fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
185215e4.9fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
185315e4.9fc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\shlwapi.dll'
185415e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
185515e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\advapi32.dll' [rcNtRedir=0xc0150008]
185615e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
185715e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
185815e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
185915e4.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
186015e4.9fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
186115e4.9fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
186215e4.9fc: supR3HardenedDllNotificationCallback: load 00007ff8b29e0000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
186315e4.9fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
186415e4.9fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b29e0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
186515e4.9fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\oleaut32.dll
186615e4.9fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
186715e4.9fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da220000 'C:\Windows\System32\oleaut32.dll'
186815e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll
186915e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
187015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da750000 'C:\WINDOWS\system32\gdi32.dll'
187115e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8da990000 LB 0x00166000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
187215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
187315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
187415e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
187515e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'gdi32.dll'.
187615e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'imm32.dll'.
187715e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\msctf.dll)
187815e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\msctf.dll
187915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
188015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\imm32.dll' [rcNtRedir=0xc0150008]
188115e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\imm32.dll
188215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
188315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\gdi32.dll' [rcNtRedir=0xc0150008]
188415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
188515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
188615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
188715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
188815e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\oleaut32.dll
188915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
189015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
189115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
189215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
189315e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\msctf.dll'
189415e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009d4 pwszName=\Device\HarddiskVolume4\WINDOWS\System32\DataExchange.dll
189515e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ac29f0
189615e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ac29f0
189715e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61683FE342024A9B1FED0572E599EB6BBE8FAFAD
189815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
189915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
190015e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\WINDOWS\System32\DataExchange.dll'
190115e4.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
190215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
190315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
190415e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
190515e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
190615e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
190715e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\DataExchange.dll) WinVerifyTrust
190815e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\DataExchange.dll
190915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
191015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\dcomp.dll' [rcNtRedir=0xc0150008]
191115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
191215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
191315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
191415e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
191515e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\dcomp.dll) WinVerifyTrust
191615e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\dcomp.dll
191715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
191815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\d3d11.dll' [rcNtRedir=0xc0150008]
191915e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rsaenh.dll
192015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
192115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
192215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
192315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\win32u.dll' [rcNtRedir=0xc0150008]
192415e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\win32u.dll [lacks WinVerifyTrust]
192515e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
192615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
192715e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
192815e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
192915e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
193015e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'win32u.dll'.
193115e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\d3d11.dll) WinVerifyTrust
193215e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\d3d11.dll
193315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
193415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\combase.dll' [rcNtRedir=0xc0150008]
193515e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\combase.dll [redoing WinVerifyTrust]
193615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
193715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\win32u.dll' [rcNtRedir=0xc0150008]
193815e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\win32u.dll [lacks WinVerifyTrust]
193915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
194015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\dxgi.dll' [rcNtRedir=0xc0150008]
194115e4.1388: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\dxgi.dll'.
194215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
194315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
194415e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\dxgi.dll)
194515e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\dxgi.dll
194615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
194715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
194815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
194915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\win32u.dll' [rcNtRedir=0xc0150008]
195015e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\win32u.dll [lacks WinVerifyTrust]
195115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
195215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
195315e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
195415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
195515e4.1388: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\combase.dll'
195615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
195715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\shcore.dll' [rcNtRedir=0xc0150008]
195815e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\SHCore.dll
195915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
196015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
196115e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
196215e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\DataExchange.dll
196315e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\d3d11.dll
196415e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\dcomp.dll
196515e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\dxgi.dll [avoiding WinVerifyTrust]
196615e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d7e80000 LB 0x000a4000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
196715e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\dxgi.dll [avoiding WinVerifyTrust]
196815e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d67b0000 LB 0x002df000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
196915e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\d3d11.dll
197015e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d7130000 LB 0x00122000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
197115e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\dcomp.dll
197215e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8c54d0000 LB 0x00047000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
197315e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\DataExchange.dll
197415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c54d0000 'C:\WINDOWS\system32\dataexchange.dll'
197515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
197615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
197715e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\dxgi.dll'
197815e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
197915e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
198015e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'.
198115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
198215e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\twinapi.appcore.dll)
198315e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\twinapi.appcore.dll
198415e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d7a50000 LB 0x00170000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
198515e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
198615e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
198715e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'coreuicomponents.dll'.
198815e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'coremessaging.dll'.
198915e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\TextInputFramework.dll)
199015e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\TextInputFramework.dll
199115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
199215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'coremessaging.dll'.
199315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'shcore.dll'.
199415e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\CoreUIComponents.dll)
199515e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\CoreUIComponents.dll
199615e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
199715e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
199815e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\CoreMessaging.dll)
199915e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\CoreMessaging.dll
200015e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\ntmarta.dll)
200115e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\ntmarta.dll
200215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
200315e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
200415e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'bcryptprimitives.dll'.
200515e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\WinTypes.dll)
200615e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\WinTypes.dll
200715e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
200815e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
200915e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\usermgrcli.dll)
201015e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\usermgrcli.dll
201115e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d8170000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
201215e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\ntmarta.dll [avoiding WinVerifyTrust]
201315e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d6a90000 LB 0x000e3000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
201415e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
201515e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d5640000 LB 0x00139000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
201615e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\WinTypes.dll [avoiding WinVerifyTrust]
201715e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d5780000 LB 0x00015000 C:\WINDOWS\SYSTEM32\usermgrcli.dll [fFlags=0x0]
201815e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\usermgrcli.dll [avoiding WinVerifyTrust]
201915e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d57b0000 LB 0x002d2000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
202015e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
202115e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8d29b0000 LB 0x00082000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
202215e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
202315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
202415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
202515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
202615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
202715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
202815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
202915e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\bcryptprimitives.dll
203015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
203115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
203215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
203315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\combase.dll' [rcNtRedir=0xc0150008]
203415e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\combase.dll
203515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
203615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
203715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
203815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
203915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
204015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\shcore.dll' [rcNtRedir=0xc0150008]
204115e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\SHCore.dll
204215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
204315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
204415e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\CoreMessaging.dll [lacks WinVerifyTrust]
204515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
204615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
204715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
204815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
204915e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\CoreMessaging.dll [lacks WinVerifyTrust]
205015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
205115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
205215e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
205315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
205415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
205515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
205615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\combase.dll' [rcNtRedir=0xc0150008]
205715e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\combase.dll
205815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
205915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
206015e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\bcrypt.dll
206115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
206215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
206315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
206415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
206515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
206615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
206715e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\usermgrcli.dll'
206815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
206915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
207015e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\WinTypes.dll'
207115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
207215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
207315e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\ntmarta.dll'
207415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
207515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
207615e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\CoreMessaging.dll'
207715e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
207815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
207915e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\CoreUIComponents.dll'
208015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
208115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
208215e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\TextInputFramework.dll'
208315e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
208415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
208515e4.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\twinapi.appcore.dll'
208615e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\oleaut32.dll
208715e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
208815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da220000 'C:\WINDOWS\System32\OLEAUT32.DLL'
208915e4.1388: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
209015e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
209115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da420000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
209215e4.1388: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
209315e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
209415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da420000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
209515e4.1388: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
209615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
209715e4.1388: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-1.dll) -> 0x0, fPresent=1
209815e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-1.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
209915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dc730000 'api-ms-win-core-com-l1-1-1.dll'
210015e4.1388: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
210115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
210215e4.1388: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
210315e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
210415e4.1388: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
210515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
210615e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msctf.dll
210715e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
210815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da990000 'C:\WINDOWS\System32\MSCTF.dll'
210915e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\shell32.dll
211015e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
211115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dac70000 'C:\WINDOWS\system32\shell32.dll'
211215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dac70000 'C:\WINDOWS\system32\shell32.dll'
211315e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\ole32.dll
211415e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
211515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da840000 'C:\WINDOWS\System32\ole32.dll'
211615e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\oleaut32.dll
211715e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
211815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da220000 'C:\WINDOWS\System32\OLEAUT32.dll'
211915e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aa0 pwszName=\Device\HarddiskVolume4\WINDOWS\System32\wbem\wbemprox.dll
212015e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ac29f0
212115e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ac29f0
212215e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C153C1EEAC2C5A257F8D6DAC54A4EBBA9125F07E
212315e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
212415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
212515e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\WINDOWS\System32\wbem\wbemprox.dll'
212615e4.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
212715e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
212815e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
212915e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
213015e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\wbem\wbemprox.dll) WinVerifyTrust
213115e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\wbem\wbemprox.dll
213215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
213315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
213415e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a8c pwszName=\Device\HarddiskVolume4\WINDOWS\System32\wbemcomn.dll
213515e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ac29f0
213615e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ac29f0
213715e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C2FDDA9E0EDB4F1E87D406924BA16734871BCEF
213815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
213915e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\crypt32.dll
214015e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
214115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
214215e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\WINDOWS\System32\wbemcomn.dll'
214315e4.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
214415e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
214515e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
214615e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
214715e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\wbemcomn.dll) WinVerifyTrust
214815e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\wbemcomn.dll
214915e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
215015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
215115e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\ws2_32.dll
215215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
215315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
215415e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
215515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
215615e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\ws2_32.dll
215715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
215815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
215915e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\bcrypt.dll
216015e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
216115e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
216215e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
216315e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wbem\wbemprox.dll
216415e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wbemcomn.dll
216515e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8ccda0000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
216615e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wbemcomn.dll
216715e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8cce30000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
216815e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wbem\wbemprox.dll
216915e4.1388: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
217015e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
217115e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d99d0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
217215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cce30000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
217315e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae8 pwszName=\Device\HarddiskVolume4\WINDOWS\System32\wbem\wbemsvc.dll
217415e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ac29f0
217515e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ac29f0
217615e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=559C24F928E5CCE94C1894759931445FEFCE69FF
217715e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
217815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
217915e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\WINDOWS\System32\wbem\wbemsvc.dll'
218015e4.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
218115e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
218215e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
218315e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\wbem\wbemsvc.dll) WinVerifyTrust
218415e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\wbem\wbemsvc.dll
218515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
218615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
218715e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
218815e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
218915e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
219015e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wbem\wbemsvc.dll
219115e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8cca90000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
219215e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wbem\wbemsvc.dll
219315e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cca90000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
219415e4.1388: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
219515e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
219615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d99d0000 'api-ms-win-core-localization-l1-2-0.dll'
219715e4.1388: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
219815e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
219915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d99d0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
220015e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000af8 pwszName=\Device\HarddiskVolume4\WINDOWS\System32\wbem\fastprox.dll
220115e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ac29f0
220215e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ac29f0
220315e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FF6EDA0EE7AAFEFF666CD9B9BCCFAF342DB5470
220415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
220515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
220615e4.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\WINDOWS\System32\wbem\fastprox.dll'
220715e4.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
220815e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
220915e4.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
221015e4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\wbem\fastprox.dll) WinVerifyTrust
221115e4.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\wbem\fastprox.dll
221215e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
221315e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
221415e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wbemcomn.dll
221515e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
221615e4.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
221715e4.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll
221815e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
221915e4.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wbem\fastprox.dll
222015e4.1388: supR3HardenedDllNotificationCallback: load 00007ff8ccb30000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
222115e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wbem\fastprox.dll
222215e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ccb30000 'C:\WINDOWS\system32\wbem\fastprox.dll'
222315e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\ole32.dll
222415e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
222515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da840000 'C:\WINDOWS\system32\ole32.dll'
222615e4.1fdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
222715e4.1fdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
222815e4.1fdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
222915e4.1fdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
223015e4.1fdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
223115e4.1fdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
223215e4.1fdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
223315e4.1fdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
223415e4.1fdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
223515e4.1fdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
223615e4.1fdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
223715e4.1fdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
223815e4.1fdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
223915e4.1fdc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
224015e4.1fdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
224115e4.1fdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
224215e4.1fdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
224315e4.1fdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
224415e4.1fdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
224515e4.1fdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
224615e4.1fdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
224715e4.1fdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
224815e4.1fdc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
224915e4.1fdc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
225015e4.1fdc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
225115e4.1fdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
225215e4.1fdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
225315e4.1fdc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
225415e4.1fdc: supR3HardenedDllNotificationCallback: load 0000000064a90000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
225515e4.1fdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
225615e4.1fdc: supR3HardenedDllNotificationCallback: load 00007ff8abe30000 LB 0x002c7000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
225715e4.1fdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
225815e4.1fdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8abe30000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
225915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
226015e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000be8 pwszName=\Device\HarddiskVolume4\WINDOWS\System32\NetSetupShim.dll
226115e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ac29f0
226215e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ac29f0
226315e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1E5A9ACAE97AEA2587277AEA0A8C325D8569A5A4
226415e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
226515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
226615e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\WINDOWS\System32\NetSetupShim.dll'
226715e4.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
226815e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
226915e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
227015e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'oleaut32.dll'.
227115e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'ws2_32.dll'.
227215e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'netsetupapi.dll'.
227315e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'setupapi.dll'.
227415e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\NetSetupShim.dll) WinVerifyTrust
227515e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\NetSetupShim.dll
227615e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
227715e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\setupapi.dll' [rcNtRedir=0xc0150008]
227815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
227915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
228015e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
228115e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
228215e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'cfgmgr32.dll'.
228315e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\setupapi.dll) WinVerifyTrust
228415e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\setupapi.dll
228515e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
228615e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
228715e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
228815e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
228915e4.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\cfgmgr32.dll [lacks WinVerifyTrust]
229015e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
229115e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
229215e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
229315e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
229415e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
229515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
229615e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
229715e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
229815e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\NetSetupApi.dll) WinVerifyTrust
229915e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\NetSetupApi.dll
230015e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
230115e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
230215e4.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\ws2_32.dll
230315e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
230415e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
230515e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
230615e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
230715e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
230815e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
230915e4.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msvcp_win.dll
231015e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
231115e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
231215e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
231315e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
231415e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
231515e4.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\NetSetupShim.dll
231615e4.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\NetSetupApi.dll
231715e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8cb440000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
231815e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\NetSetupApi.dll
231915e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8dc0b0000 LB 0x0043b000 C:\WINDOWS\System32\setupapi.dll [fFlags=0x0]
232015e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\setupapi.dll
232115e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8b5d30000 LB 0x0007b000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
232215e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\NetSetupShim.dll
232315e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b5d30000 'C:\Windows\System32\NetSetupShim.dll'
232415e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
232515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
232615e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
232715e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
232815e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
232915e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winnsi.dll'.
233015e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\NetSetupEngine.dll) WinVerifyTrust
233115e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\NetSetupEngine.dll
233215e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
233315e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\winnsi.dll' [rcNtRedir=0xc0150008]
233415e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
233515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
233615e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
233715e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
233815e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\winnsi.dll) WinVerifyTrust
233915e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\winnsi.dll
234015e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
234115e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\nsi.dll' [rcNtRedir=0xc0150008]
234215e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
234315e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\nsi.dll' [rcNtRedir=0xc0150008]
234415e4.101c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\WINDOWS\System32\nsi.dll'.
234515e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\nsi.dll)
234615e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\nsi.dll
234715e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
234815e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
234915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
235015e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
235115e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\nsi.dll) WinVerifyTrust
235215e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
235315e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
235415e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
235515e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
235615e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
235715e4.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\NetSetupEngine.dll
235815e4.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\winnsi.dll
235915e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8dac60000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
236015e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\nsi.dll [avoiding WinVerifyTrust]
236115e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8d3a00000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
236215e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\winnsi.dll
236315e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8c3220000 LB 0x000be000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0]
236415e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\NetSetupEngine.dll
236515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3220000 'C:\Windows\System32\NetSetupEngine.dll'
236615e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
236715e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
236815e4.101c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\nsi.dll'
236915e4.1954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
237015e4.1954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
237115e4.1954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
237215e4.1954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
237315e4.1954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
237415e4.1954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
237515e4.1954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
237615e4.1954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
237715e4.1954: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
237815e4.1954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
237915e4.1954: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
238015e4.1954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
238115e4.1954: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
238215e4.1954: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
238315e4.1954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
238415e4.1954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
238515e4.1954: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
238615e4.1954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
238715e4.1954: supR3HardenedDllNotificationCallback: load 00007ff8d5f40000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
238815e4.1954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
238915e4.1954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d5f40000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
239015e4.1954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da420000 'C:\WINDOWS\system32\User32.dll'
239115e4.820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
239215e4.820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
239315e4.820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
239415e4.820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
239515e4.820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
239615e4.820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
239715e4.820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
239815e4.820: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
239915e4.820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
240015e4.820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
240115e4.820: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
240215e4.820: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
240315e4.820: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
240415e4.820: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
240515e4.820: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
240615e4.820: supR3HardenedDllNotificationCallback: load 00007ff8d5e80000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
240715e4.820: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
240815e4.820: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d5e80000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
240915e4.24b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
241015e4.24b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
241115e4.24b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
241215e4.24b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
241315e4.24b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
241415e4.24b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
241515e4.24b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
241615e4.24b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
241715e4.24b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
241815e4.24b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
241915e4.24b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
242015e4.24b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
242115e4.24b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
242215e4.24b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
242315e4.24b8: supR3HardenedDllNotificationCallback: load 00007ff8d2c60000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
242415e4.24b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
242515e4.24b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d2c60000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
242615e4.e3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
242715e4.e3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
242815e4.e3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
242915e4.e3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
243015e4.e3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
243115e4.e3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
243215e4.e3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
243315e4.e3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
243415e4.e3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
243515e4.e3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
243615e4.e3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
243715e4.e3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
243815e4.e3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
243915e4.e3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
244015e4.e3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
244115e4.e3c: supR3HardenedDllNotificationCallback: load 00007ff8d1fe0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
244215e4.e3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
244315e4.e3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d1fe0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
244415e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dac70000 'C:\WINDOWS\system32\Shell32.dll'
244515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
244615e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
244715e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
244815e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
244915e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
245015e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
245115e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
245215e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
245315e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
245415e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
245515e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
245615e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
245715e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
245815e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
245915e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
246015e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
246115e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
246215e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
246315e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
246415e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\IPHLPAPI.DLL) WinVerifyTrust
246515e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\IPHLPAPI.DLL
246615e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
246715e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\ole32.dll' [rcNtRedir=0xc0150008]
246815e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
246915e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
247015e4.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\ws2_32.dll
247115e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
247215e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\setupapi.dll' [rcNtRedir=0xc0150008]
247315e4.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\setupapi.dll
247415e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
247515e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
247615e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
247715e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
247815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
247915e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
248015e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
248115e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
248215e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
248315e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
248415e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
248515e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
248615e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
248715e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
248815e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
248915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
249015e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
249115e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
249215e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
249315e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
249415e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
249515e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
249615e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
249715e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
249815e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
249915e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
250015e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
250115e4.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
250215e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
250315e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
250415e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
250515e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\advapi32.dll' [rcNtRedir=0xc0150008]
250615e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
250715e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\setupapi.dll' [rcNtRedir=0xc0150008]
250815e4.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\setupapi.dll
250915e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
251015e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
251115e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
251215e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
251315e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
251415e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
251515e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
251615e4.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
251715e4.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
251815e4.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
251915e4.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\IPHLPAPI.DLL
252015e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8ccfd0000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
252115e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
252215e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8c3930000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
252315e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
252415e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8d8710000 LB 0x00037000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
252515e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\IPHLPAPI.DLL
252615e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8a6f80000 LB 0x009c2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
252715e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
252815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a6f80000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
252915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
253015e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
253115e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
253215e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b2490000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
253315e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
253415e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
253515e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
253615e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3930000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
253715e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
253815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
253915e4.2040: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
254015e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
254115e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
254215e4.2040: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
254315e4.2040: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
254415e4.2040: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
254515e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
254615e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
254715e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
254815e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
254915e4.2040: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
255015e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
255115e4.2040: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
255215e4.2040: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
255315e4.2040: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
255415e4.2040: supR3HardenedDllNotificationCallback: load 00007ff8cf5f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
255515e4.2040: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
255615e4.2040: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8cf5f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
255715e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
255815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
255915e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
256015e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
256115e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'devobj.dll'.
256215e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
256315e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\MMDevAPI.dll) WinVerifyTrust
256415e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\MMDevAPI.dll
256515e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
256615e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\propsys.dll' [rcNtRedir=0xc0150008]
256715e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
256815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
256915e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
257015e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
257115e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
257215e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\propsys.dll) WinVerifyTrust
257315e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\propsys.dll
257415e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
257515e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\devobj.dll' [rcNtRedir=0xc0150008]
257615e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
257715e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
257815e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
257915e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
258015e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
258115e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
258215e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
258315e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
258415e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'cfgmgr32.dll'.
258515e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\devobj.dll) WinVerifyTrust
258615e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\devobj.dll
258715e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
258815e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
258915e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
259015e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
259115e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
259215e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
259315e4.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\cfgmgr32.dll [redoing WinVerifyTrust]
259415e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
259515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
259615e4.101c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\cfgmgr32.dll'
259715e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
259815e4.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\MMDevAPI.dll
259915e4.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\devobj.dll
260015e4.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\propsys.dll
260115e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8d79c0000 LB 0x00028000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
260215e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\devobj.dll
260315e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8d5fb0000 LB 0x00196000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
260415e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\propsys.dll
260515e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8d3560000 LB 0x00067000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
260615e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\MMDevAPI.dll
260715e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d3560000 'C:\WINDOWS\System32\MMDevApi.dll'
260815e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000df8 pwszName=\Device\HarddiskVolume4\WINDOWS\System32\dsound.dll
260915e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ac29f0
261015e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ac29f0
261115e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BAF92974128C211D90A77B3D2A8F3BAD364910A5
261215e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
261315e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
261415e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\WINDOWS\System32\dsound.dll'
261515e4.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
261615e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
261715e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'winmm.dll'.
261815e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\dsound.dll) WinVerifyTrust
261915e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\dsound.dll
262015e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
262115e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\winmm.dll' [rcNtRedir=0xc0150008]
262215e4.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\winmm.dll
262315e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
262415e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
262515e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
262615e4.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\dsound.dll
262715e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8bcb50000 LB 0x0008c000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
262815e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\dsound.dll
262915e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\dsound.dll
263015e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
263115e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\System32\dsound.dll'
263215e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\System32\dsound.dll'
263315e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\dsound.dll
263415e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
263515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
263615e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\MMDevAPI.dll
263715e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
263815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d3560000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
263915e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\winmm.dll
264015e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
264115e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
264215e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e38 pwszName=\Device\HarddiskVolume4\WINDOWS\System32\wdmaud.drv
264315e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ac29f0
264415e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ac29f0
264515e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=70FC7883505DC83E14C72C8984C7562A04A6C6F0
264615e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
264715e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
264815e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1913_for_KB4053580~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\WINDOWS\System32\wdmaud.drv'
264915e4.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
265015e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
265115e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
265215e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'ksuser.dll'.
265315e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'avrt.dll'.
265415e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\wdmaud.drv) WinVerifyTrust
265515e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\wdmaud.drv
265615e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
265715e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\avrt.dll' [rcNtRedir=0xc0150008]
265815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
265915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
266015e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\avrt.dll) WinVerifyTrust
266115e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\avrt.dll
266215e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
266315e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\ksuser.dll' [rcNtRedir=0xc0150008]
266415e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
266515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
266615e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
266715e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\ksuser.dll) WinVerifyTrust
266815e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\ksuser.dll
266915e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
267015e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
267115e4.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\MMDevAPI.dll
267215e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
267315e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
267415e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
267515e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
267615e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
267715e4.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wdmaud.drv
267815e4.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\ksuser.dll
267915e4.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\avrt.dll
268015e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8b2d10000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
268115e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\ksuser.dll
268215e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8d5b90000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
268315e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\avrt.dll
268415e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8ad520000 LB 0x00041000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
268515e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wdmaud.drv
268615e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ad520000 'C:\WINDOWS\System32\wdmaud.drv'
268715e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wdmaud.drv
268815e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
268915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ad520000 'C:\WINDOWS\System32\wdmaud.drv'
269015e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wdmaud.drv
269115e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
269215e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ad520000 'C:\WINDOWS\System32\wdmaud.drv'
269315e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wdmaud.drv
269415e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
269515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ad520000 'C:\WINDOWS\System32\wdmaud.drv'
269615e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\wdmaud.drv
269715e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
269815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ad520000 'C:\WINDOWS\System32\wdmaud.drv'
269915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
270015e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
270115e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
270215e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
270315e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
270415e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'mmdevapi.dll'.
270515e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'avrt.dll'.
270615e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\AudioSes.dll) WinVerifyTrust
270715e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\AudioSes.dll
270815e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
270915e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\avrt.dll' [rcNtRedir=0xc0150008]
271015e4.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\avrt.dll
271115e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
271215e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
271315e4.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\MMDevAPI.dll
271415e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
271515e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
271615e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
271715e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
271815e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
271915e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
272015e4.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msvcp_win.dll
272115e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
272215e4.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\AudioSes.dll
272315e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8ced60000 LB 0x00105000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
272415e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\AudioSes.dll
272515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ced60000 'C:\WINDOWS\System32\AUDIOSES.DLL'
272615e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f50 pwszName=\Device\HarddiskVolume4\WINDOWS\System32\msacm32.drv
272715e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ac29f0
272815e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ac29f0
272915e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=244FFD3779BB26E481FDDE1BCB7D66CB70669BE2
273015e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
273115e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
273215e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\WINDOWS\System32\msacm32.drv'
273315e4.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
273415e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
273515e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'mmdevapi.dll'.
273615e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
273715e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmmbase.dll'.
273815e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\msacm32.drv) WinVerifyTrust
273915e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\msacm32.drv
274015e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
274115e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
274215e4.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\winmmbase.dll [redoing WinVerifyTrust]
274315e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
274415e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
274515e4.101c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\winmmbase.dll'
274615e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
274715e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msacm32.dll' [rcNtRedir=0xc0150008]
274815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
274915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
275015e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
275115e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\msacm32.dll) WinVerifyTrust
275215e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\msacm32.dll
275315e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
275415e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
275515e4.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\MMDevAPI.dll
275615e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
275715e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
275815e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
275915e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
276015e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
276115e4.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msacm32.drv
276215e4.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msacm32.dll
276315e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8c45f0000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
276415e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msacm32.dll
276515e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8c5650000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
276615e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msacm32.drv
276715e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c5650000 'C:\WINDOWS\System32\msacm32.drv'
276815e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msacm32.drv
276915e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
277015e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c5650000 'C:\WINDOWS\System32\msacm32.drv'
277115e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msacm32.drv
277215e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
277315e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c5650000 'C:\WINDOWS\System32\msacm32.drv'
277415e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msacm32.drv
277515e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
277615e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c5650000 'C:\WINDOWS\System32\msacm32.drv'
277715e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msacm32.drv
277815e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
277915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c5650000 'C:\WINDOWS\System32\msacm32.drv'
278015e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msacm32.drv
278115e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
278215e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c5650000 'C:\WINDOWS\System32\msacm32.drv'
278315e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\msacm32.drv
278415e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
278515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c5650000 'C:\WINDOWS\System32\msacm32.drv'
278615e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c5650000 'C:\WINDOWS\System32\msacm32.drv'
278715e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c5650000 'C:\WINDOWS\System32\msacm32.drv'
278815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c5650000 'C:\WINDOWS\System32\msacm32.drv'
278915e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f84 pwszName=\Device\HarddiskVolume4\WINDOWS\System32\midimap.dll
279015e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ac29f0
279115e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ac29f0
279215e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B59112F98815E2A8A155F681ED15AB1991951589
279315e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
279415e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
279515e4.101c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\WINDOWS\System32\midimap.dll'
279615e4.101c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
279715e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
279815e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
279915e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\midimap.dll) WinVerifyTrust
280015e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\midimap.dll
280115e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
280215e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\winmm.dll' [rcNtRedir=0xc0150008]
280315e4.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\winmm.dll
280415e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
280515e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
280615e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
280715e4.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\midimap.dll
280815e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8c5640000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
280915e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\midimap.dll
281015e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c5640000 'C:\WINDOWS\System32\midimap.dll'
281115e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\midimap.dll
281215e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
281315e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c5640000 'C:\WINDOWS\System32\midimap.dll'
281415e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\midimap.dll
281515e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
281615e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c5640000 'C:\WINDOWS\System32\midimap.dll'
281715e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\midimap.dll
281815e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
281915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c5640000 'C:\WINDOWS\System32\midimap.dll'
282015e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
282115e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\dsound.dll
282215e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
282315e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
282415e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
282515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dac70000 'C:\WINDOWS\system32\shell32.dll'
282615e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dac70000 'C:\WINDOWS\system32\shell32.dll'
282715e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\dsound.dll
282815e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
282915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
283015e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
283115e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\dsound.dll
283215e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
283315e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
283415e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
283515e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\dsound.dll
283615e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
283715e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
283815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
283915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
284015e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
284115e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
284215e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\winmm.dll
284315e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
284415e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
284515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
284615e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
284715e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
284815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
284915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
285015e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
285115e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
285215e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
285315e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
285415e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
285515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
285615e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
285715e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
285815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
285915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
286015e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
286115e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
286215e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
286315e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\dsound.dll
286415e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
286515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
286615e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
286715e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
286815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
286915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
287015e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\winmm.dll
287115e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
287215e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
287315e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
287415e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
287515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
287615e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
287715e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
287815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
287915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
288015e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
288115e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
288215e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
288315e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
288415e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
288515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
288615e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
288715e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
288815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
288915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
289015e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
289115e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
289215e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
289315e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
289415e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
289515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
289615e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
289715e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
289815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
289915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
290015e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
290115e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
290215e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
290315e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
290415e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
290515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
290615e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
290715e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
290815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
290915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
291015e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
291115e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
291215e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
291315e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
291415e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
291515e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\dsound.dll
291615e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
291715e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
291815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
291915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
292015e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
292115e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
292215e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\winmm.dll
292315e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
292415e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
292515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
292615e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
292715e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
292815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
292915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
293015e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
293115e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
293215e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
293315e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
293415e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
293515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
293615e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
293715e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
293815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
293915e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
294015e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9db0000 'C:\Windows\System32\WINTRUST.DLL'
294115e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\CRYPT32.dll'
294215e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
294315e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
294415e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
294515e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'combase.dll'.
294615e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'shcore.dll'.
294715e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'win32u.dll'.
294815e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'textinputframework.dll'.
294915e4.101c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'user32.dll'.
295015e4.101c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\WINDOWS\System32\Windows.UI.dll) WinVerifyTrust
295115e4.101c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\WINDOWS\System32\Windows.UI.dll
295215e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
295315e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\user32.dll' [rcNtRedir=0xc0150008]
295415e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'textinputframework.dll'...
295515e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'textinputframework.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\textinputframework.dll' [rcNtRedir=0xc0150008]
295615e4.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\TextInputFramework.dll
295715e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
295815e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\win32u.dll' [rcNtRedir=0xc0150008]
295915e4.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\win32u.dll [redoing WinVerifyTrust]
296015e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8530000 'C:\WINDOWS\system32\rsaenh.dll'
296115e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d9f60000 'C:\WINDOWS\System32\crypt32.dll'
296215e4.101c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\WINDOWS\System32\win32u.dll'
296315e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
296415e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\shcore.dll' [rcNtRedir=0xc0150008]
296515e4.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\SHCore.dll
296615e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
296715e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\combase.dll' [rcNtRedir=0xc0150008]
296815e4.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\combase.dll
296915e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
297015e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
297115e4.101c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\rpcrt4.dll
297215e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
297315e4.101c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\WINDOWS\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
297415e4.101c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.UI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
297515e4.101c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\Windows.UI.dll
297615e4.101c: supR3HardenedDllNotificationCallback: load 00007ff8d2a40000 LB 0x00106000 C:\Windows\System32\Windows.UI.dll [fFlags=0x0]
297715e4.101c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\Windows.UI.dll
297815e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d2a40000 'C:\Windows\System32\Windows.UI.dll'
297915e4.1edc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\avrt.dll
298015e4.1edc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
298115e4.1edc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d5b90000 'C:\WINDOWS\System32\avrt.dll'
298215e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
298315e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
298415e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
298515e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
298615e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcb50000 'C:\WINDOWS\system32\dsound.dll'
298715e4.101c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d6260000 'C:\WINDOWS\System32\winmm.dll'
298815e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dac70000 'C:\WINDOWS\system32\shell32.dll'
298915e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dac70000 'C:\WINDOWS\system32\shell32.dll'
299015e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dac70000 'C:\WINDOWS\system32\shell32.dll'
299115e4.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\WINDOWS\System32\shell32.dll
299215e4.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
299315e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dac70000 'C:\WINDOWS\system32\shell32.dll'
299415e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dac70000 'C:\WINDOWS\system32\shell32.dll'
299515e4.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8dac70000 'C:\WINDOWS\system32\shell32.dll'
299615e4.2040: supR3HardenedDllNotificationCallback: Unload 00007ff8cf5f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
299715e4.e3c: supR3HardenedDllNotificationCallback: Unload 00007ff8d1fe0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
299815e4.24b8: supR3HardenedDllNotificationCallback: Unload 00007ff8d2c60000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
299915e4.820: supR3HardenedDllNotificationCallback: Unload 00007ff8d5e80000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
300015e4.1954: supR3HardenedDllNotificationCallback: Unload 00007ff8d5f40000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
300115e4.101c: supR3HardenedDllNotificationCallback: Unload 00007ff8a6f80000 LB 0x009c2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
300215e4.101c: supR3HardenedDllNotificationCallback: Unload 00007ff8ccfd0000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
300315e4.101c: supR3HardenedDllNotificationCallback: Unload 00007ff8c3930000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
300415e4.101c: supR3HardenedDllNotificationCallback: Unload 00007ff8d8710000 LB 0x00037000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [flags=0x0]
300515e4.1388: Terminating the normal way: rcExit=0
3006908.568: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 110956 ms, the end);
3007f90.1c4c: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 111463 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy