VirtualBox

Ticket #17578: Windows Server 2003 R2-2018-02-28-17-50-22.log

File Windows Server 2003 R2-2018-02-28-17-50-22.log, 460.5 KB (added by Minghao, 7 years ago)
Line 
1694.664: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03fab00
2694.664: \SystemRoot\System32\ntdll.dll:
3694.664: CreationTime: 2018-02-23T04:11:55.406888700Z
4694.664: LastWriteTime: 2018-02-10T06:15:34.902092600Z
5694.664: ChangeTime: 2018-02-23T04:21:03.955048800Z
6694.664: FileAttributes: 0x20
7694.664: Size: 0x1dd100
8694.664: NT Headers: 0xe0
9694.664: Timestamp: 0xeffc9126
10694.664: Machine: 0x8664 - amd64
11694.664: Timestamp: 0xeffc9126
12694.664: Image Version: 10.0
13694.664: SizeOfImage: 0x1e0000 (1966080)
14694.664: Resource Dir: 0x174000 LB 0x6a1d8
15694.664: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16694.664: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17694.664: ProductName: Microsoft® Windows® Operating System
18694.664: ProductVersion: 10.0.16299.248
19694.664: FileVersion: 10.0.16299.248 (WinBuild.160101.0800)
20694.664: FileDescription: NT Layer DLL
21694.664: \SystemRoot\System32\kernel32.dll:
22694.664: CreationTime: 2017-09-29T13:42:04.954227600Z
23694.664: LastWriteTime: 2017-09-29T13:42:04.954227600Z
24694.664: ChangeTime: 2017-11-23T07:15:14.073851000Z
25694.664: FileAttributes: 0x20
26694.664: Size: 0xab868
27694.664: NT Headers: 0xe8
28694.664: Timestamp: 0xc2cf900
29694.664: Machine: 0x8664 - amd64
30694.664: Timestamp: 0xc2cf900
31694.664: Image Version: 10.0
32694.664: SizeOfImage: 0xae000 (712704)
33694.664: Resource Dir: 0xac000 LB 0x520
34694.664: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35694.664: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36694.664: ProductName: Microsoft® Windows® Operating System
37694.664: ProductVersion: 10.0.16299.15
38694.664: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
39694.664: FileDescription: Windows NT BASE API Client DLL
40694.664: \SystemRoot\System32\KernelBase.dll:
41694.664: CreationTime: 2018-02-23T04:11:38.291467900Z
42694.664: LastWriteTime: 2018-02-10T06:15:53.408982400Z
43694.664: ChangeTime: 2018-02-23T04:21:03.110583500Z
44694.664: FileAttributes: 0x20
45694.664: Size: 0x266000
46694.664: NT Headers: 0xf0
47694.664: Timestamp: 0x4414ec23
48694.664: Machine: 0x8664 - amd64
49694.664: Timestamp: 0x4414ec23
50694.664: Image Version: 10.0
51694.664: SizeOfImage: 0x266000 (2514944)
52694.664: Resource Dir: 0x245000 LB 0x548
53694.664: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54694.664: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
55694.664: ProductName: Microsoft® Windows® Operating System
56694.664: ProductVersion: 10.0.16299.248
57694.664: FileVersion: 10.0.16299.248 (WinBuild.160101.0800)
58694.664: FileDescription: Windows NT BASE API Client DLL
59694.664: \SystemRoot\System32\apisetschema.dll:
60694.664: CreationTime: 2017-09-29T13:42:07.095026600Z
61694.664: LastWriteTime: 2017-09-29T13:42:07.095026600Z
62694.664: ChangeTime: 2018-02-23T04:13:40.303890400Z
63694.664: FileAttributes: 0x20
64694.664: Size: 0x1b398
65694.664: NT Headers: 0xc8
66694.664: Timestamp: 0xf30abf31
67694.664: Machine: 0x8664 - amd64
68694.664: Timestamp: 0xf30abf31
69694.664: Image Version: 10.0
70694.664: SizeOfImage: 0x1c000 (114688)
71694.664: Resource Dir: 0x1b000 LB 0x408
72694.664: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73694.664: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
74694.664: ProductName: Microsoft® Windows® Operating System
75694.664: ProductVersion: 10.0.16299.15
76694.664: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
77694.664: FileDescription: ApiSet Schema DLL
78694.664: NtOpenDirectoryObject failed on \Driver: 0xc0000022
79694.664: supR3HardenedWinFindAdversaries: 0x4
80694.664: \SystemRoot\System32\drivers\aswHwid.sys:
81694.664: CreationTime: 2017-11-23T07:05:11.310344500Z
82694.664: LastWriteTime: 2018-02-23T04:13:02.796477700Z
83694.664: ChangeTime: 2018-02-23T04:13:06.465824500Z
84694.664: FileAttributes: 0x20
85694.664: Size: 0xb778
86694.664: NT Headers: 0xf0
87694.664: Timestamp: 0x5a720733
88694.664: Machine: 0x8664 - amd64
89694.664: Timestamp: 0x5a720733
90694.664: Image Version: 6.0
91694.664: SizeOfImage: 0xa000 (40960)
92694.664: Resource Dir: 0x8000 LB 0x388
93694.664: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
94694.664: [Raw version resource data: 0x8060 LB 0x324, codepage 0x0 (reserved 0x0)]
95694.664: ProductName: Avast Antivirus
96694.664: ProductVersion: 18.1.3792.0
97694.664: FileVersion: 18.1.3792.0
98694.664: FileDescription: Avast HWID
99694.664: \SystemRoot\System32\drivers\aswMonFlt.sys:
100694.664: CreationTime: 2017-11-23T07:05:11.311334100Z
101694.664: LastWriteTime: 2018-02-23T04:13:02.808512200Z
102694.664: ChangeTime: 2018-02-23T04:13:06.466826400Z
103694.664: FileAttributes: 0x20
104694.664: Size: 0x23cd8
105694.664: NT Headers: 0xe0
106694.664: Timestamp: 0x5a720b51
107694.664: Machine: 0x8664 - amd64
108694.664: Timestamp: 0x5a720b51
109694.664: Image Version: 6.0
110694.664: SizeOfImage: 0x27000 (159744)
111694.664: Resource Dir: 0x25000 LB 0x3b0
112694.664: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
113694.664: [Raw version resource data: 0x25060 LB 0x34c, codepage 0x0 (reserved 0x0)]
114694.664: ProductName: Avast Antivirus
115694.664: ProductVersion: 18.1.3792.0
116694.664: FileVersion: 18.1.3792.0
117694.664: FileDescription: Avast File System Minifilter for Windows 2003/Vista
118694.664: \SystemRoot\System32\drivers\aswRdr2.sys:
119694.664: CreationTime: 2017-11-23T07:05:11.314353200Z
120694.664: LastWriteTime: 2018-02-23T04:13:02.619089900Z
121694.664: ChangeTime: 2018-02-23T04:13:06.466826400Z
122694.664: FileAttributes: 0x20
123694.664: Size: 0x1aef8
124694.664: NT Headers: 0xe8
125694.664: Timestamp: 0x5a720751
126694.664: Machine: 0x8664 - amd64
127694.664: Timestamp: 0x5a720751
128694.664: Image Version: 6.1
129694.664: SizeOfImage: 0x1a000 (106496)
130694.664: Resource Dir: 0x18000 LB 0x398
131694.664: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
132694.664: [Raw version resource data: 0x18060 LB 0x334, codepage 0x0 (reserved 0x0)]
133694.664: ProductName: Avast Antivirus
134694.664: ProductVersion: 18.1.3792.0
135694.664: FileVersion: 18.1.3792.0 built by: WinDDK
136694.664: FileDescription: Avast WFP Redirect Driver
137694.664: \SystemRoot\System32\drivers\aswRvrt.sys:
138694.664: CreationTime: 2017-11-23T07:05:11.315342800Z
139694.664: LastWriteTime: 2018-02-23T04:13:02.819527300Z
140694.664: ChangeTime: 2018-02-23T04:13:06.466826400Z
141694.664: FileAttributes: 0x20
142694.664: Size: 0x14990
143694.664: NT Headers: 0xe0
144694.664: Timestamp: 0x5a720734
145694.664: Machine: 0x8664 - amd64
146694.664: Timestamp: 0x5a720734
147694.664: Image Version: 6.0
148694.664: SizeOfImage: 0x13000 (77824)
149694.664: Resource Dir: 0x11000 LB 0x388
150694.664: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
151694.664: [Raw version resource data: 0x11060 LB 0x328, codepage 0x0 (reserved 0x0)]
152694.664: ProductName: Avast Antivirus
153694.664: ProductVersion: 18.1.3792.0
154694.664: FileVersion: 18.1.3792.0
155694.664: FileDescription: Avast Revert
156694.664: \SystemRoot\System32\drivers\aswSnx.sys:
157694.664: CreationTime: 2017-11-23T07:05:11.317347300Z
158694.664: LastWriteTime: 2018-02-23T04:12:57.138105800Z
159694.664: ChangeTime: 2018-02-23T04:13:06.466826400Z
160694.664: FileAttributes: 0x20
161694.664: Size: 0xfaa88
162694.664: NT Headers: 0xe8
163694.664: Timestamp: 0x5a720752
164694.664: Machine: 0x8664 - amd64
165694.664: Timestamp: 0x5a720752
166694.664: Image Version: 6.0
167694.664: SizeOfImage: 0xf8000 (1015808)
168694.664: Resource Dir: 0xf0000 LB 0x378
169694.664: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
170694.664: [Raw version resource data: 0xf0060 LB 0x314, codepage 0x0 (reserved 0x0)]
171694.664: ProductName: Avast Antivirus
172694.664: ProductVersion: 18.1.3792.0
173694.664: FileVersion: 18.1.3792.0
174694.664: FileDescription: Avast Virtualization Driver
175694.664: \SystemRoot\System32\drivers\aswsp.sys:
176694.664: CreationTime: 2017-11-23T07:05:11.319351400Z
177694.664: LastWriteTime: 2018-02-23T04:13:02.845593300Z
178694.664: ChangeTime: 2018-02-23T04:13:06.466826400Z
179694.664: FileAttributes: 0x20
180694.664: Size: 0x704b0
181694.664: NT Headers: 0xe8
182694.664: Timestamp: 0x5a720b65
183694.664: Machine: 0x8664 - amd64
184694.664: Timestamp: 0x5a720b65
185694.664: Image Version: 6.0
186694.664: SizeOfImage: 0x71000 (462848)
187694.664: Resource Dir: 0x6f000 LB 0x370
188694.664: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
189694.664: [Raw version resource data: 0x6f060 LB 0x310, codepage 0x0 (reserved 0x0)]
190694.664: ProductName: Avast Antivirus
191694.664: ProductVersion: 18.1.3792.0
192694.664: FileVersion: 18.1.3792.0
193694.664: FileDescription: Avast self protection module
194694.664: \SystemRoot\System32\drivers\aswStm.sys:
195694.664: CreationTime: 2017-11-23T07:05:11.323372900Z
196694.664: LastWriteTime: 2018-02-23T04:13:03.002936200Z
197694.664: ChangeTime: 2018-02-23T04:13:06.466826400Z
198694.664: FileAttributes: 0x20
199694.664: Size: 0x32298
200694.664: NT Headers: 0x108
201694.664: Timestamp: 0x5a720dbf
202694.664: Machine: 0x8664 - amd64
203694.664: Timestamp: 0x5a720dbf
204694.664: Image Version: 10.0
205694.664: SizeOfImage: 0x32000 (204800)
206694.664: Resource Dir: 0x30000 LB 0x350
207694.664: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x405)]
208694.664: [Raw version resource data: 0x30060 LB 0x2f0, codepage 0x0 (reserved 0x0)]
209694.664: ProductName: Avast Antivirus
210694.664: ProductVersion: 18.1.3792.0
211694.664: FileVersion: 18.1.3792.0
212694.664: FileDescription: Stream Filter
213694.664: \SystemRoot\System32\drivers\aswVmm.sys:
214694.664: CreationTime: 2017-11-23T07:05:11.325377400Z
215694.664: LastWriteTime: 2018-02-23T04:13:02.872652500Z
216694.664: ChangeTime: 2018-02-23T04:13:06.466826400Z
217694.664: FileAttributes: 0x20
218694.664: Size: 0x5ca38
219694.664: NT Headers: 0xe8
220694.664: Timestamp: 0x5a720b53
221694.664: Machine: 0x8664 - amd64
222694.664: Timestamp: 0x5a720b53
223694.664: Image Version: 6.0
224694.664: SizeOfImage: 0x5a000 (368640)
225694.664: Resource Dir: 0x57000 LB 0x390
226694.664: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
227694.664: [Raw version resource data: 0x57060 LB 0x330, codepage 0x0 (reserved 0x0)]
228694.664: ProductName: Avast Antivirus
229694.664: ProductVersion: 18.1.3792.0
230694.664: FileVersion: 18.1.3792.0
231694.664: FileDescription: Avast VM Monitor
232694.664: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
233694.664: Calling main()
234694.664: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
235694.664: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
236694.664: SUPR3HardenedMain: Respawn #1
237694.664: System32: \Device\HarddiskVolume4\Windows\System32
238694.664: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
239694.664: KnownDllPath: C:\WINDOWS\System32
240694.664: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
241694.664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
242694.664: supR3HardNtEnableThreadCreation:
243694.664: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcda7d91e0 pvNtTerminateThread=00007ffcda8008d0
244694.664: supR3HardenedWinDoReSpawn(1): New child 35a4.399c [kernel32].
245694.664: supR3HardNtChildGatherData: PebBaseAddress=000000000045f000 cbPeb=0x388
246694.664: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffcda760000 uNtDllChildAddr=00007ffcda760000
247694.664: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffcda7d91e0
248694.664: supR3HardenedWinSetupChildInit: Start child.
249694.664: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
250694.664: supR3HardNtChildPurify: Startup delay kludge #1/0: 518 ms, 62 sleeps
251694.664: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
252694.664: *0000000000000000-000000000023ffff 0x0001/0x0000 0x0000000
253694.664: *0000000000240000-000000000025ffff 0x0004/0x0004 0x0020000
254694.664: *0000000000260000-0000000000278fff 0x0002/0x0002 0x0040000
255694.664: 0000000000279000-000000000027ffff 0x0001/0x0000 0x0000000
256694.664: *0000000000280000-000000000037afff 0x0000/0x0004 0x0020000
257694.664: 000000000037b000-000000000037dfff 0x0104/0x0004 0x0020000
258694.664: 000000000037e000-000000000037ffff 0x0004/0x0004 0x0020000
259694.664: *0000000000380000-0000000000383fff 0x0002/0x0002 0x0040000
260694.664: 0000000000384000-000000000038ffff 0x0001/0x0000 0x0000000
261694.664: *0000000000390000-0000000000390fff 0x0004/0x0004 0x0020000
262694.664: 0000000000391000-00000000003fffff 0x0001/0x0000 0x0000000
263694.664: *0000000000400000-000000000045efff 0x0000/0x0004 0x0020000
264694.664: 000000000045f000-0000000000461fff 0x0004/0x0004 0x0020000
265694.664: 0000000000462000-00000000005fffff 0x0000/0x0004 0x0020000
266694.664: 0000000000600000-000000007ffdffff 0x0001/0x0000 0x0000000
267694.664: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
268694.664: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
269694.664: 000000007fff0000-00007ff7f40dffff 0x0001/0x0000 0x0000000
270694.664: *00007ff7f40e0000-00007ff7f4112fff 0x0002/0x0002 0x0040000
271694.664: 00007ff7f4113000-00007ff7f46effff 0x0001/0x0000 0x0000000
272694.664: *00007ff7f46f0000-00007ff7f46f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
273694.664: 00007ff7f46f1000-00007ff7f4761fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
274694.664: 00007ff7f4762000-00007ff7f4762fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
275694.664: 00007ff7f4763000-00007ff7f47a8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
276694.664: 00007ff7f47a9000-00007ff7f47a9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
277694.664: 00007ff7f47aa000-00007ff7f47aafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
278694.664: 00007ff7f47ab000-00007ff7f47affff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
279694.664: 00007ff7f47b0000-00007ff7f47b0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
280694.664: 00007ff7f47b1000-00007ff7f47b1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
281694.664: 00007ff7f47b2000-00007ff7f47b5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
282694.664: 00007ff7f47b6000-00007ff7f47fdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
283694.664: 00007ff7f47fe000-00007ffcda75ffff 0x0001/0x0000 0x0000000
284694.664: *00007ffcda760000-00007ffcda760fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
285694.664: 00007ffcda761000-00007ffcda872fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
286694.664: 00007ffcda873000-00007ffcda8b8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
287694.664: 00007ffcda8b9000-00007ffcda8c0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
288694.664: 00007ffcda8c1000-00007ffcda8cefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
289694.664: 00007ffcda8cf000-00007ffcda8cffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
290694.664: 00007ffcda8d0000-00007ffcda8d2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
291694.664: 00007ffcda8d3000-00007ffcda93ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
292694.664: 00007ffcda940000-00007ffffffdffff 0x0001/0x0000 0x0000000
293694.664: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
294694.664: VirtualBox.exe: timestamp 0x5a5cc1cb (rc=VINF_SUCCESS)
295694.664: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
296694.664: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
297694.664: supR3HardNtChildPurify: Done after 544 ms and 0 fixes (loop #0).
29835a4.399c: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
299694.664: supR3HardNtEnableThreadCreation:
30035a4.399c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffcda760000 g_uNtVerCombined=0xa03fab00
30135a4.399c: ntdll.dll: timestamp 0xeffc9126 (rc=VINF_SUCCESS)
30235a4.399c: New simple heap: #1 0000000000700000 LB 0x400000 (for 1966080 allocation)
30335a4.399c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
30435a4.399c: System32: \Device\HarddiskVolume4\Windows\System32
30535a4.399c: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
30635a4.399c: KnownDllPath: C:\WINDOWS\System32
30735a4.399c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
30835a4.399c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
30935a4.399c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
31035a4.399c: Registered Dll notification callback with NTDLL.
31135a4.399c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
31235a4.399c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
31335a4.399c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
31435a4.399c: supR3HardenedDllNotificationCallback: load 00007ffcd7870000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
31535a4.399c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
31635a4.399c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
31735a4.399c: supR3HardenedDllNotificationCallback: load 00007ffcd8550000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
31835a4.399c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
31935a4.399c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd8550000 'C:\WINDOWS\System32\KERNEL32.DLL'
32035a4.399c: supR3HardenedDllNotificationCallback: load 00007ff7f46f0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
32135a4.399c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
32235a4.399c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
32335a4.399c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
32435a4.399c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcda7d91e0 pvNtTerminateThread=00007ffcda8008d0
325694.664: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 62 ms.
32635a4.399c: \SystemRoot\System32\ntdll.dll:
32735a4.399c: CreationTime: 2018-02-23T04:11:55.406888700Z
32835a4.399c: LastWriteTime: 2018-02-10T06:15:34.902092600Z
32935a4.399c: ChangeTime: 2018-02-23T04:21:03.955048800Z
33035a4.399c: FileAttributes: 0x20
33135a4.399c: Size: 0x1dd100
33235a4.399c: NT Headers: 0xe0
33335a4.399c: Timestamp: 0xeffc9126
33435a4.399c: Machine: 0x8664 - amd64
33535a4.399c: Timestamp: 0xeffc9126
33635a4.399c: Image Version: 10.0
33735a4.399c: SizeOfImage: 0x1e0000 (1966080)
33835a4.399c: Resource Dir: 0x174000 LB 0x6a1d8
33935a4.399c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
34035a4.399c: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
34135a4.399c: ProductName: Microsoft® Windows® Operating System
34235a4.399c: ProductVersion: 10.0.16299.248
34335a4.399c: FileVersion: 10.0.16299.248 (WinBuild.160101.0800)
34435a4.399c: FileDescription: NT Layer DLL
34535a4.399c: \SystemRoot\System32\kernel32.dll:
34635a4.399c: CreationTime: 2017-09-29T13:42:04.954227600Z
34735a4.399c: LastWriteTime: 2017-09-29T13:42:04.954227600Z
34835a4.399c: ChangeTime: 2017-11-23T07:15:14.073851000Z
34935a4.399c: FileAttributes: 0x20
35035a4.399c: Size: 0xab868
35135a4.399c: NT Headers: 0xe8
35235a4.399c: Timestamp: 0xc2cf900
35335a4.399c: Machine: 0x8664 - amd64
35435a4.399c: Timestamp: 0xc2cf900
35535a4.399c: Image Version: 10.0
35635a4.399c: SizeOfImage: 0xae000 (712704)
35735a4.399c: Resource Dir: 0xac000 LB 0x520
35835a4.399c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35935a4.399c: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36035a4.399c: ProductName: Microsoft® Windows® Operating System
36135a4.399c: ProductVersion: 10.0.16299.15
36235a4.399c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
36335a4.399c: FileDescription: Windows NT BASE API Client DLL
36435a4.399c: \SystemRoot\System32\KernelBase.dll:
36535a4.399c: CreationTime: 2018-02-23T04:11:38.291467900Z
36635a4.399c: LastWriteTime: 2018-02-10T06:15:53.408982400Z
36735a4.399c: ChangeTime: 2018-02-23T04:21:03.110583500Z
36835a4.399c: FileAttributes: 0x20
36935a4.399c: Size: 0x266000
37035a4.399c: NT Headers: 0xf0
37135a4.399c: Timestamp: 0x4414ec23
37235a4.399c: Machine: 0x8664 - amd64
37335a4.399c: Timestamp: 0x4414ec23
37435a4.399c: Image Version: 10.0
37535a4.399c: SizeOfImage: 0x266000 (2514944)
37635a4.399c: Resource Dir: 0x245000 LB 0x548
37735a4.399c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
37835a4.399c: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
37935a4.399c: ProductName: Microsoft® Windows® Operating System
38035a4.399c: ProductVersion: 10.0.16299.248
38135a4.399c: FileVersion: 10.0.16299.248 (WinBuild.160101.0800)
38235a4.399c: FileDescription: Windows NT BASE API Client DLL
38335a4.399c: \SystemRoot\System32\apisetschema.dll:
38435a4.399c: CreationTime: 2017-09-29T13:42:07.095026600Z
38535a4.399c: LastWriteTime: 2017-09-29T13:42:07.095026600Z
38635a4.399c: ChangeTime: 2018-02-23T04:13:40.303890400Z
38735a4.399c: FileAttributes: 0x20
38835a4.399c: Size: 0x1b398
38935a4.399c: NT Headers: 0xc8
39035a4.399c: Timestamp: 0xf30abf31
39135a4.399c: Machine: 0x8664 - amd64
39235a4.399c: Timestamp: 0xf30abf31
39335a4.399c: Image Version: 10.0
39435a4.399c: SizeOfImage: 0x1c000 (114688)
39535a4.399c: Resource Dir: 0x1b000 LB 0x408
39635a4.399c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
39735a4.399c: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
39835a4.399c: ProductName: Microsoft® Windows® Operating System
39935a4.399c: ProductVersion: 10.0.16299.15
40035a4.399c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
40135a4.399c: FileDescription: ApiSet Schema DLL
40235a4.399c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
40335a4.399c: supR3HardenedWinFindAdversaries: 0x4
40435a4.399c: \SystemRoot\System32\drivers\aswHwid.sys:
40535a4.399c: CreationTime: 2017-11-23T07:05:11.310344500Z
40635a4.399c: LastWriteTime: 2018-02-23T04:13:02.796477700Z
40735a4.399c: ChangeTime: 2018-02-23T04:13:06.465824500Z
40835a4.399c: FileAttributes: 0x20
40935a4.399c: Size: 0xb778
41035a4.399c: NT Headers: 0xf0
41135a4.399c: Timestamp: 0x5a720733
41235a4.399c: Machine: 0x8664 - amd64
41335a4.399c: Timestamp: 0x5a720733
41435a4.399c: Image Version: 6.0
41535a4.399c: SizeOfImage: 0xa000 (40960)
41635a4.399c: Resource Dir: 0x8000 LB 0x388
41735a4.399c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
41835a4.399c: [Raw version resource data: 0x8060 LB 0x324, codepage 0x0 (reserved 0x0)]
41935a4.399c: ProductName: Avast Antivirus
42035a4.399c: ProductVersion: 18.1.3792.0
42135a4.399c: FileVersion: 18.1.3792.0
42235a4.399c: FileDescription: Avast HWID
42335a4.399c: \SystemRoot\System32\drivers\aswMonFlt.sys:
42435a4.399c: CreationTime: 2017-11-23T07:05:11.311334100Z
42535a4.399c: LastWriteTime: 2018-02-23T04:13:02.808512200Z
42635a4.399c: ChangeTime: 2018-02-23T04:13:06.466826400Z
42735a4.399c: FileAttributes: 0x20
42835a4.399c: Size: 0x23cd8
42935a4.399c: NT Headers: 0xe0
43035a4.399c: Timestamp: 0x5a720b51
43135a4.399c: Machine: 0x8664 - amd64
43235a4.399c: Timestamp: 0x5a720b51
43335a4.399c: Image Version: 6.0
43435a4.399c: SizeOfImage: 0x27000 (159744)
43535a4.399c: Resource Dir: 0x25000 LB 0x3b0
43635a4.399c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
43735a4.399c: [Raw version resource data: 0x25060 LB 0x34c, codepage 0x0 (reserved 0x0)]
43835a4.399c: ProductName: Avast Antivirus
43935a4.399c: ProductVersion: 18.1.3792.0
44035a4.399c: FileVersion: 18.1.3792.0
44135a4.399c: FileDescription: Avast File System Minifilter for Windows 2003/Vista
44235a4.399c: \SystemRoot\System32\drivers\aswRdr2.sys:
44335a4.399c: CreationTime: 2017-11-23T07:05:11.314353200Z
44435a4.399c: LastWriteTime: 2018-02-23T04:13:02.619089900Z
44535a4.399c: ChangeTime: 2018-02-23T04:13:06.466826400Z
44635a4.399c: FileAttributes: 0x20
44735a4.399c: Size: 0x1aef8
44835a4.399c: NT Headers: 0xe8
44935a4.399c: Timestamp: 0x5a720751
45035a4.399c: Machine: 0x8664 - amd64
45135a4.399c: Timestamp: 0x5a720751
45235a4.399c: Image Version: 6.1
45335a4.399c: SizeOfImage: 0x1a000 (106496)
45435a4.399c: Resource Dir: 0x18000 LB 0x398
45535a4.399c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
45635a4.399c: [Raw version resource data: 0x18060 LB 0x334, codepage 0x0 (reserved 0x0)]
45735a4.399c: ProductName: Avast Antivirus
45835a4.399c: ProductVersion: 18.1.3792.0
45935a4.399c: FileVersion: 18.1.3792.0 built by: WinDDK
46035a4.399c: FileDescription: Avast WFP Redirect Driver
46135a4.399c: \SystemRoot\System32\drivers\aswRvrt.sys:
46235a4.399c: CreationTime: 2017-11-23T07:05:11.315342800Z
46335a4.399c: LastWriteTime: 2018-02-23T04:13:02.819527300Z
46435a4.399c: ChangeTime: 2018-02-23T04:13:06.466826400Z
46535a4.399c: FileAttributes: 0x20
46635a4.399c: Size: 0x14990
46735a4.399c: NT Headers: 0xe0
46835a4.399c: Timestamp: 0x5a720734
46935a4.399c: Machine: 0x8664 - amd64
47035a4.399c: Timestamp: 0x5a720734
47135a4.399c: Image Version: 6.0
47235a4.399c: SizeOfImage: 0x13000 (77824)
47335a4.399c: Resource Dir: 0x11000 LB 0x388
47435a4.399c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
47535a4.399c: [Raw version resource data: 0x11060 LB 0x328, codepage 0x0 (reserved 0x0)]
47635a4.399c: ProductName: Avast Antivirus
47735a4.399c: ProductVersion: 18.1.3792.0
47835a4.399c: FileVersion: 18.1.3792.0
47935a4.399c: FileDescription: Avast Revert
48035a4.399c: \SystemRoot\System32\drivers\aswSnx.sys:
48135a4.399c: CreationTime: 2017-11-23T07:05:11.317347300Z
48235a4.399c: LastWriteTime: 2018-02-23T04:12:57.138105800Z
48335a4.399c: ChangeTime: 2018-02-23T04:13:06.466826400Z
48435a4.399c: FileAttributes: 0x20
48535a4.399c: Size: 0xfaa88
48635a4.399c: NT Headers: 0xe8
48735a4.399c: Timestamp: 0x5a720752
48835a4.399c: Machine: 0x8664 - amd64
48935a4.399c: Timestamp: 0x5a720752
49035a4.399c: Image Version: 6.0
49135a4.399c: SizeOfImage: 0xf8000 (1015808)
49235a4.399c: Resource Dir: 0xf0000 LB 0x378
49335a4.399c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
49435a4.399c: [Raw version resource data: 0xf0060 LB 0x314, codepage 0x0 (reserved 0x0)]
49535a4.399c: ProductName: Avast Antivirus
49635a4.399c: ProductVersion: 18.1.3792.0
49735a4.399c: FileVersion: 18.1.3792.0
49835a4.399c: FileDescription: Avast Virtualization Driver
49935a4.399c: \SystemRoot\System32\drivers\aswsp.sys:
50035a4.399c: CreationTime: 2017-11-23T07:05:11.319351400Z
50135a4.399c: LastWriteTime: 2018-02-23T04:13:02.845593300Z
50235a4.399c: ChangeTime: 2018-02-23T04:13:06.466826400Z
50335a4.399c: FileAttributes: 0x20
50435a4.399c: Size: 0x704b0
50535a4.399c: NT Headers: 0xe8
50635a4.399c: Timestamp: 0x5a720b65
50735a4.399c: Machine: 0x8664 - amd64
50835a4.399c: Timestamp: 0x5a720b65
50935a4.399c: Image Version: 6.0
51035a4.399c: SizeOfImage: 0x71000 (462848)
51135a4.399c: Resource Dir: 0x6f000 LB 0x370
51235a4.399c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
51335a4.399c: [Raw version resource data: 0x6f060 LB 0x310, codepage 0x0 (reserved 0x0)]
51435a4.399c: ProductName: Avast Antivirus
51535a4.399c: ProductVersion: 18.1.3792.0
51635a4.399c: FileVersion: 18.1.3792.0
51735a4.399c: FileDescription: Avast self protection module
51835a4.399c: \SystemRoot\System32\drivers\aswStm.sys:
51935a4.399c: CreationTime: 2017-11-23T07:05:11.323372900Z
52035a4.399c: LastWriteTime: 2018-02-23T04:13:03.002936200Z
52135a4.399c: ChangeTime: 2018-02-23T04:13:06.466826400Z
52235a4.399c: FileAttributes: 0x20
52335a4.399c: Size: 0x32298
52435a4.399c: NT Headers: 0x108
52535a4.399c: Timestamp: 0x5a720dbf
52635a4.399c: Machine: 0x8664 - amd64
52735a4.399c: Timestamp: 0x5a720dbf
52835a4.399c: Image Version: 10.0
52935a4.399c: SizeOfImage: 0x32000 (204800)
53035a4.399c: Resource Dir: 0x30000 LB 0x350
53135a4.399c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x405)]
53235a4.399c: [Raw version resource data: 0x30060 LB 0x2f0, codepage 0x0 (reserved 0x0)]
53335a4.399c: ProductName: Avast Antivirus
53435a4.399c: ProductVersion: 18.1.3792.0
53535a4.399c: FileVersion: 18.1.3792.0
53635a4.399c: FileDescription: Stream Filter
53735a4.399c: \SystemRoot\System32\drivers\aswVmm.sys:
53835a4.399c: CreationTime: 2017-11-23T07:05:11.325377400Z
53935a4.399c: LastWriteTime: 2018-02-23T04:13:02.872652500Z
54035a4.399c: ChangeTime: 2018-02-23T04:13:06.466826400Z
54135a4.399c: FileAttributes: 0x20
54235a4.399c: Size: 0x5ca38
54335a4.399c: NT Headers: 0xe8
54435a4.399c: Timestamp: 0x5a720b53
54535a4.399c: Machine: 0x8664 - amd64
54635a4.399c: Timestamp: 0x5a720b53
54735a4.399c: Image Version: 6.0
54835a4.399c: SizeOfImage: 0x5a000 (368640)
54935a4.399c: Resource Dir: 0x57000 LB 0x390
55035a4.399c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
55135a4.399c: [Raw version resource data: 0x57060 LB 0x330, codepage 0x0 (reserved 0x0)]
55235a4.399c: ProductName: Avast Antivirus
55335a4.399c: ProductVersion: 18.1.3792.0
55435a4.399c: FileVersion: 18.1.3792.0
55535a4.399c: FileDescription: Avast VM Monitor
55635a4.399c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
55735a4.399c: Calling main()
55835a4.399c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
55935a4.399c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
56035a4.399c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
56135a4.399c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
56235a4.399c: SUPR3HardenedMain: Respawn #2
56335a4.399c: supR3HardNtEnableThreadCreation:
56435a4.399c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
56535a4.399c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
56635a4.399c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
56735a4.399c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
56835a4.399c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
56935a4.399c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
57035a4.399c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
57135a4.399c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
57235a4.399c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
57335a4.399c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
57435a4.399c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
57535a4.399c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
57635a4.399c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
57735a4.399c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
57835a4.399c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
57935a4.399c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
58035a4.399c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
58135a4.399c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
58235a4.399c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
58335a4.399c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
58435a4.399c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
58535a4.399c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
58635a4.399c: supR3HardenedDllNotificationCallback: load 00007ffcd7ed0000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
58735a4.399c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
58835a4.399c: supR3HardenedDllNotificationCallback: load 00007ffcd8930000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
58935a4.399c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
59035a4.399c: supR3HardenedDllNotificationCallback: load 00007ffcd8600000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
59135a4.399c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
59235a4.399c: supR3HardenedDllNotificationCallback: load 00007ffcda4a0000 LB 0x000a1000 C:\WINDOWS\System32\ADVAPI32.DLL [fFlags=0x0]
59335a4.399c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
59435a4.399c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcda4a0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
59535a4.399c: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
59635a4.399c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
59735a4.399c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
59835a4.399c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
59935a4.399c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcda760000 'C:\WINDOWS\System32\ntdll.dll'
60035a4.399c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcda7d91e0 pvNtTerminateThread=00007ffcda8008d0
60135a4.399c: supR3HardenedWinDoReSpawn(2): New child 22c4.2160 [kernel32].
60235a4.399c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
60335a4.399c: supR3HardNtChildGatherData: PebBaseAddress=0000000000e59000 cbPeb=0x388
60435a4.399c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffcda760000 uNtDllChildAddr=00007ffcda760000
60535a4.399c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffcda7d91e0
60635a4.399c: supR3HardenedWinSetupChildInit: Start child.
60735a4.399c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
60835a4.399c: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 61 sleeps
60935a4.399c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
61035a4.399c: *0000000000000000-0000000000d5ffff 0x0001/0x0000 0x0000000
61135a4.399c: *0000000000d60000-0000000000d7ffff 0x0004/0x0004 0x0020000
61235a4.399c: *0000000000d80000-0000000000d98fff 0x0002/0x0002 0x0040000
61335a4.399c: 0000000000d99000-0000000000d9ffff 0x0001/0x0000 0x0000000
61435a4.399c: *0000000000da0000-0000000000da3fff 0x0002/0x0002 0x0040000
61535a4.399c: 0000000000da4000-0000000000daffff 0x0001/0x0000 0x0000000
61635a4.399c: *0000000000db0000-0000000000db0fff 0x0004/0x0004 0x0020000
61735a4.399c: 0000000000db1000-0000000000dfffff 0x0001/0x0000 0x0000000
61835a4.399c: *0000000000e00000-0000000000e58fff 0x0000/0x0004 0x0020000
61935a4.399c: 0000000000e59000-0000000000e5bfff 0x0004/0x0004 0x0020000
62035a4.399c: 0000000000e5c000-0000000000ffffff 0x0000/0x0004 0x0020000
62135a4.399c: *0000000001000000-00000000010fafff 0x0000/0x0004 0x0020000
62235a4.399c: 00000000010fb000-00000000010fdfff 0x0104/0x0004 0x0020000
62335a4.399c: 00000000010fe000-00000000010fffff 0x0004/0x0004 0x0020000
62435a4.399c: 0000000001100000-000000007ffdffff 0x0001/0x0000 0x0000000
62535a4.399c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
62635a4.399c: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
62735a4.399c: 000000007fff0000-00007ff7f3b4ffff 0x0001/0x0000 0x0000000
62835a4.399c: *00007ff7f3b50000-00007ff7f3b82fff 0x0002/0x0002 0x0040000
62935a4.399c: 00007ff7f3b83000-00007ff7f46effff 0x0001/0x0000 0x0000000
63035a4.399c: *00007ff7f46f0000-00007ff7f46f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
63135a4.399c: 00007ff7f46f1000-00007ff7f4761fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
63235a4.399c: 00007ff7f4762000-00007ff7f4762fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
63335a4.399c: 00007ff7f4763000-00007ff7f47a8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
63435a4.399c: 00007ff7f47a9000-00007ff7f47a9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
63535a4.399c: 00007ff7f47aa000-00007ff7f47aafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
63635a4.399c: 00007ff7f47ab000-00007ff7f47affff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
63735a4.399c: 00007ff7f47b0000-00007ff7f47b0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
63835a4.399c: 00007ff7f47b1000-00007ff7f47b1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
63935a4.399c: 00007ff7f47b2000-00007ff7f47b5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
64035a4.399c: 00007ff7f47b6000-00007ff7f47fdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
64135a4.399c: 00007ff7f47fe000-00007ffcda75ffff 0x0001/0x0000 0x0000000
64235a4.399c: *00007ffcda760000-00007ffcda760fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
64335a4.399c: 00007ffcda761000-00007ffcda872fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
64435a4.399c: 00007ffcda873000-00007ffcda8b8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
64535a4.399c: 00007ffcda8b9000-00007ffcda8c0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
64635a4.399c: 00007ffcda8c1000-00007ffcda8cefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
64735a4.399c: 00007ffcda8cf000-00007ffcda8cffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
64835a4.399c: 00007ffcda8d0000-00007ffcda8d2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
64935a4.399c: 00007ffcda8d3000-00007ffcda93ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
65035a4.399c: 00007ffcda940000-00007ffffffdffff 0x0001/0x0000 0x0000000
65135a4.399c: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
65235a4.399c: VirtualBox.exe: timestamp 0x5a5cc1cb (rc=VINF_SUCCESS)
65335a4.399c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
65435a4.399c: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
65535a4.399c: supR3HardNtChildPurify: Done after 544 ms and 0 fixes (loop #0).
65635a4.399c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000700000 LB 0x400000)
65722c4.2160: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
65835a4.399c: supR3HardNtEnableThreadCreation:
65922c4.2160: supR3HardenedVmProcessInit: uNtDllAddr=00007ffcda760000 g_uNtVerCombined=0xa03fab00
66022c4.2160: ntdll.dll: timestamp 0xeffc9126 (rc=VINF_SUCCESS)
66122c4.2160: New simple heap: #1 0000000001200000 LB 0x400000 (for 1966080 allocation)
66222c4.2160: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
66322c4.2160: System32: \Device\HarddiskVolume4\Windows\System32
66422c4.2160: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
66522c4.2160: KnownDllPath: C:\WINDOWS\System32
66622c4.2160: supR3HardenedVmProcessInit: Opening vboxdrv...
66722c4.2160: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
66822c4.2160: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
66922c4.2160: Registered Dll notification callback with NTDLL.
67022c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
67122c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
67222c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
67322c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd7870000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
67422c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
67522c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
67622c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd8550000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
67722c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
67822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd8550000 'C:\WINDOWS\System32\KERNEL32.DLL'
67922c4.2160: supR3HardenedDllNotificationCallback: load 00007ff7f46f0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
68022c4.2160: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
68122c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
68222c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
68322c4.2160: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcda7d91e0 pvNtTerminateThread=00007ffcda8008d0
68435a4.399c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 68 ms.
68522c4.2160: \SystemRoot\System32\ntdll.dll:
68622c4.2160: CreationTime: 2018-02-23T04:11:55.406888700Z
68722c4.2160: LastWriteTime: 2018-02-10T06:15:34.902092600Z
68822c4.2160: ChangeTime: 2018-02-23T04:21:03.955048800Z
68922c4.2160: FileAttributes: 0x20
69022c4.2160: Size: 0x1dd100
69122c4.2160: NT Headers: 0xe0
69222c4.2160: Timestamp: 0xeffc9126
69322c4.2160: Machine: 0x8664 - amd64
69422c4.2160: Timestamp: 0xeffc9126
69522c4.2160: Image Version: 10.0
69622c4.2160: SizeOfImage: 0x1e0000 (1966080)
69722c4.2160: Resource Dir: 0x174000 LB 0x6a1d8
69822c4.2160: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
69922c4.2160: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
70022c4.2160: ProductName: Microsoft® Windows® Operating System
70122c4.2160: ProductVersion: 10.0.16299.248
70222c4.2160: FileVersion: 10.0.16299.248 (WinBuild.160101.0800)
70322c4.2160: FileDescription: NT Layer DLL
70422c4.2160: \SystemRoot\System32\kernel32.dll:
70522c4.2160: CreationTime: 2017-09-29T13:42:04.954227600Z
70622c4.2160: LastWriteTime: 2017-09-29T13:42:04.954227600Z
70722c4.2160: ChangeTime: 2017-11-23T07:15:14.073851000Z
70822c4.2160: FileAttributes: 0x20
70922c4.2160: Size: 0xab868
71022c4.2160: NT Headers: 0xe8
71122c4.2160: Timestamp: 0xc2cf900
71222c4.2160: Machine: 0x8664 - amd64
71322c4.2160: Timestamp: 0xc2cf900
71422c4.2160: Image Version: 10.0
71522c4.2160: SizeOfImage: 0xae000 (712704)
71622c4.2160: Resource Dir: 0xac000 LB 0x520
71722c4.2160: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
71822c4.2160: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
71922c4.2160: ProductName: Microsoft® Windows® Operating System
72022c4.2160: ProductVersion: 10.0.16299.15
72122c4.2160: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
72222c4.2160: FileDescription: Windows NT BASE API Client DLL
72322c4.2160: \SystemRoot\System32\KernelBase.dll:
72422c4.2160: CreationTime: 2018-02-23T04:11:38.291467900Z
72522c4.2160: LastWriteTime: 2018-02-10T06:15:53.408982400Z
72622c4.2160: ChangeTime: 2018-02-23T04:21:03.110583500Z
72722c4.2160: FileAttributes: 0x20
72822c4.2160: Size: 0x266000
72922c4.2160: NT Headers: 0xf0
73022c4.2160: Timestamp: 0x4414ec23
73122c4.2160: Machine: 0x8664 - amd64
73222c4.2160: Timestamp: 0x4414ec23
73322c4.2160: Image Version: 10.0
73422c4.2160: SizeOfImage: 0x266000 (2514944)
73522c4.2160: Resource Dir: 0x245000 LB 0x548
73622c4.2160: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
73722c4.2160: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
73822c4.2160: ProductName: Microsoft® Windows® Operating System
73922c4.2160: ProductVersion: 10.0.16299.248
74022c4.2160: FileVersion: 10.0.16299.248 (WinBuild.160101.0800)
74122c4.2160: FileDescription: Windows NT BASE API Client DLL
74222c4.2160: \SystemRoot\System32\apisetschema.dll:
74322c4.2160: CreationTime: 2017-09-29T13:42:07.095026600Z
74422c4.2160: LastWriteTime: 2017-09-29T13:42:07.095026600Z
74522c4.2160: ChangeTime: 2018-02-23T04:13:40.303890400Z
74622c4.2160: FileAttributes: 0x20
74722c4.2160: Size: 0x1b398
74822c4.2160: NT Headers: 0xc8
74922c4.2160: Timestamp: 0xf30abf31
75022c4.2160: Machine: 0x8664 - amd64
75122c4.2160: Timestamp: 0xf30abf31
75222c4.2160: Image Version: 10.0
75322c4.2160: SizeOfImage: 0x1c000 (114688)
75422c4.2160: Resource Dir: 0x1b000 LB 0x408
75522c4.2160: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
75622c4.2160: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
75722c4.2160: ProductName: Microsoft® Windows® Operating System
75822c4.2160: ProductVersion: 10.0.16299.15
75922c4.2160: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
76022c4.2160: FileDescription: ApiSet Schema DLL
76122c4.2160: NtOpenDirectoryObject failed on \Driver: 0xc0000022
76222c4.2160: supR3HardenedWinFindAdversaries: 0x4
76322c4.2160: \SystemRoot\System32\drivers\aswHwid.sys:
76422c4.2160: CreationTime: 2017-11-23T07:05:11.310344500Z
76522c4.2160: LastWriteTime: 2018-02-23T04:13:02.796477700Z
76622c4.2160: ChangeTime: 2018-02-23T04:13:06.465824500Z
76722c4.2160: FileAttributes: 0x20
76822c4.2160: Size: 0xb778
76922c4.2160: NT Headers: 0xf0
77022c4.2160: Timestamp: 0x5a720733
77122c4.2160: Machine: 0x8664 - amd64
77222c4.2160: Timestamp: 0x5a720733
77322c4.2160: Image Version: 6.0
77422c4.2160: SizeOfImage: 0xa000 (40960)
77522c4.2160: Resource Dir: 0x8000 LB 0x388
77622c4.2160: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
77722c4.2160: [Raw version resource data: 0x8060 LB 0x324, codepage 0x0 (reserved 0x0)]
77822c4.2160: ProductName: Avast Antivirus
77922c4.2160: ProductVersion: 18.1.3792.0
78022c4.2160: FileVersion: 18.1.3792.0
78122c4.2160: FileDescription: Avast HWID
78222c4.2160: \SystemRoot\System32\drivers\aswMonFlt.sys:
78322c4.2160: CreationTime: 2017-11-23T07:05:11.311334100Z
78422c4.2160: LastWriteTime: 2018-02-23T04:13:02.808512200Z
78522c4.2160: ChangeTime: 2018-02-23T04:13:06.466826400Z
78622c4.2160: FileAttributes: 0x20
78722c4.2160: Size: 0x23cd8
78822c4.2160: NT Headers: 0xe0
78922c4.2160: Timestamp: 0x5a720b51
79022c4.2160: Machine: 0x8664 - amd64
79122c4.2160: Timestamp: 0x5a720b51
79222c4.2160: Image Version: 6.0
79322c4.2160: SizeOfImage: 0x27000 (159744)
79422c4.2160: Resource Dir: 0x25000 LB 0x3b0
79522c4.2160: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
79622c4.2160: [Raw version resource data: 0x25060 LB 0x34c, codepage 0x0 (reserved 0x0)]
79722c4.2160: ProductName: Avast Antivirus
79822c4.2160: ProductVersion: 18.1.3792.0
79922c4.2160: FileVersion: 18.1.3792.0
80022c4.2160: FileDescription: Avast File System Minifilter for Windows 2003/Vista
80122c4.2160: \SystemRoot\System32\drivers\aswRdr2.sys:
80222c4.2160: CreationTime: 2017-11-23T07:05:11.314353200Z
80322c4.2160: LastWriteTime: 2018-02-23T04:13:02.619089900Z
80422c4.2160: ChangeTime: 2018-02-23T04:13:06.466826400Z
80522c4.2160: FileAttributes: 0x20
80622c4.2160: Size: 0x1aef8
80722c4.2160: NT Headers: 0xe8
80822c4.2160: Timestamp: 0x5a720751
80922c4.2160: Machine: 0x8664 - amd64
81022c4.2160: Timestamp: 0x5a720751
81122c4.2160: Image Version: 6.1
81222c4.2160: SizeOfImage: 0x1a000 (106496)
81322c4.2160: Resource Dir: 0x18000 LB 0x398
81422c4.2160: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
81522c4.2160: [Raw version resource data: 0x18060 LB 0x334, codepage 0x0 (reserved 0x0)]
81622c4.2160: ProductName: Avast Antivirus
81722c4.2160: ProductVersion: 18.1.3792.0
81822c4.2160: FileVersion: 18.1.3792.0 built by: WinDDK
81922c4.2160: FileDescription: Avast WFP Redirect Driver
82022c4.2160: \SystemRoot\System32\drivers\aswRvrt.sys:
82122c4.2160: CreationTime: 2017-11-23T07:05:11.315342800Z
82222c4.2160: LastWriteTime: 2018-02-23T04:13:02.819527300Z
82322c4.2160: ChangeTime: 2018-02-23T04:13:06.466826400Z
82422c4.2160: FileAttributes: 0x20
82522c4.2160: Size: 0x14990
82622c4.2160: NT Headers: 0xe0
82722c4.2160: Timestamp: 0x5a720734
82822c4.2160: Machine: 0x8664 - amd64
82922c4.2160: Timestamp: 0x5a720734
83022c4.2160: Image Version: 6.0
83122c4.2160: SizeOfImage: 0x13000 (77824)
83222c4.2160: Resource Dir: 0x11000 LB 0x388
83322c4.2160: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
83422c4.2160: [Raw version resource data: 0x11060 LB 0x328, codepage 0x0 (reserved 0x0)]
83522c4.2160: ProductName: Avast Antivirus
83622c4.2160: ProductVersion: 18.1.3792.0
83722c4.2160: FileVersion: 18.1.3792.0
83822c4.2160: FileDescription: Avast Revert
83922c4.2160: \SystemRoot\System32\drivers\aswSnx.sys:
84022c4.2160: CreationTime: 2017-11-23T07:05:11.317347300Z
84122c4.2160: LastWriteTime: 2018-02-23T04:12:57.138105800Z
84222c4.2160: ChangeTime: 2018-02-23T04:13:06.466826400Z
84322c4.2160: FileAttributes: 0x20
84422c4.2160: Size: 0xfaa88
84522c4.2160: NT Headers: 0xe8
84622c4.2160: Timestamp: 0x5a720752
84722c4.2160: Machine: 0x8664 - amd64
84822c4.2160: Timestamp: 0x5a720752
84922c4.2160: Image Version: 6.0
85022c4.2160: SizeOfImage: 0xf8000 (1015808)
85122c4.2160: Resource Dir: 0xf0000 LB 0x378
85222c4.2160: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
85322c4.2160: [Raw version resource data: 0xf0060 LB 0x314, codepage 0x0 (reserved 0x0)]
85422c4.2160: ProductName: Avast Antivirus
85522c4.2160: ProductVersion: 18.1.3792.0
85622c4.2160: FileVersion: 18.1.3792.0
85722c4.2160: FileDescription: Avast Virtualization Driver
85822c4.2160: \SystemRoot\System32\drivers\aswsp.sys:
85922c4.2160: CreationTime: 2017-11-23T07:05:11.319351400Z
86022c4.2160: LastWriteTime: 2018-02-23T04:13:02.845593300Z
86122c4.2160: ChangeTime: 2018-02-23T04:13:06.466826400Z
86222c4.2160: FileAttributes: 0x20
86322c4.2160: Size: 0x704b0
86422c4.2160: NT Headers: 0xe8
86522c4.2160: Timestamp: 0x5a720b65
86622c4.2160: Machine: 0x8664 - amd64
86722c4.2160: Timestamp: 0x5a720b65
86822c4.2160: Image Version: 6.0
86922c4.2160: SizeOfImage: 0x71000 (462848)
87022c4.2160: Resource Dir: 0x6f000 LB 0x370
87122c4.2160: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
87222c4.2160: [Raw version resource data: 0x6f060 LB 0x310, codepage 0x0 (reserved 0x0)]
87322c4.2160: ProductName: Avast Antivirus
87422c4.2160: ProductVersion: 18.1.3792.0
87522c4.2160: FileVersion: 18.1.3792.0
87622c4.2160: FileDescription: Avast self protection module
87722c4.2160: \SystemRoot\System32\drivers\aswStm.sys:
87822c4.2160: CreationTime: 2017-11-23T07:05:11.323372900Z
87922c4.2160: LastWriteTime: 2018-02-23T04:13:03.002936200Z
88022c4.2160: ChangeTime: 2018-02-23T04:13:06.466826400Z
88122c4.2160: FileAttributes: 0x20
88222c4.2160: Size: 0x32298
88322c4.2160: NT Headers: 0x108
88422c4.2160: Timestamp: 0x5a720dbf
88522c4.2160: Machine: 0x8664 - amd64
88622c4.2160: Timestamp: 0x5a720dbf
88722c4.2160: Image Version: 10.0
88822c4.2160: SizeOfImage: 0x32000 (204800)
88922c4.2160: Resource Dir: 0x30000 LB 0x350
89022c4.2160: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x405)]
89122c4.2160: [Raw version resource data: 0x30060 LB 0x2f0, codepage 0x0 (reserved 0x0)]
89222c4.2160: ProductName: Avast Antivirus
89322c4.2160: ProductVersion: 18.1.3792.0
89422c4.2160: FileVersion: 18.1.3792.0
89522c4.2160: FileDescription: Stream Filter
89622c4.2160: \SystemRoot\System32\drivers\aswVmm.sys:
89722c4.2160: CreationTime: 2017-11-23T07:05:11.325377400Z
89822c4.2160: LastWriteTime: 2018-02-23T04:13:02.872652500Z
89922c4.2160: ChangeTime: 2018-02-23T04:13:06.466826400Z
90022c4.2160: FileAttributes: 0x20
90122c4.2160: Size: 0x5ca38
90222c4.2160: NT Headers: 0xe8
90322c4.2160: Timestamp: 0x5a720b53
90422c4.2160: Machine: 0x8664 - amd64
90522c4.2160: Timestamp: 0x5a720b53
90622c4.2160: Image Version: 6.0
90722c4.2160: SizeOfImage: 0x5a000 (368640)
90822c4.2160: Resource Dir: 0x57000 LB 0x390
90922c4.2160: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
91022c4.2160: [Raw version resource data: 0x57060 LB 0x330, codepage 0x0 (reserved 0x0)]
91122c4.2160: ProductName: Avast Antivirus
91222c4.2160: ProductVersion: 18.1.3792.0
91322c4.2160: FileVersion: 18.1.3792.0
91422c4.2160: FileDescription: Avast VM Monitor
91522c4.2160: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
91622c4.2160: Calling main()
91722c4.2160: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
91822c4.2160: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
91922c4.2160: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
92022c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
92122c4.2160: SUPR3HardenedMain: Final process, opening VBoxDrv...
92222c4.2160: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001200000 LB 0x400000)
92322c4.2160: supR3HardNtEnableThreadCreation:
92422c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
92522c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
92622c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
92722c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
92822c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd37e0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
92922c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
93022c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
93122c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
93222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd37e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
93322c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
93422c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
93522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd37e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
93622c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd37e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
93722c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
93822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
93922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
94022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
94122c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
94222c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
94322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
94422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
94522c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
94622c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
94722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
94822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
94922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msasn1.dll'.
95022c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
95122c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
95222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
95322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
95422c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
95522c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
95622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
95722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
95822c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
95922c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
96022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
96122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
96222c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
96322c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
96422c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd7ed0000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
96522c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
96622c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd6ab0000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
96722c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
96822c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd75a0000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
96922c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
97022c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
97122c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd76a0000 LB 0x001ce000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
97222c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
97322c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd8930000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
97422c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
97522c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd8600000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
97622c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
97722c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
97822c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
97922c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcda4a0000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
98022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
98122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
98222c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
98322c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
98422c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
98522c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd7b60000 LB 0x00058000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
98622c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
98722c4.2160: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
98822c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
98922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7870000 'api-ms-win-core-synch-l1-2-0'
99022c4.2160: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
99122c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
99222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7870000 'api-ms-win-core-fibers-l1-1-1'
99322c4.2160: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
99422c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
99522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7870000 'api-ms-win-core-fibers-l1-1-1'
99622c4.2160: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
99722c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
99822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7870000 'api-ms-win-core-synch-l1-2-0'
99922c4.2160: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
100022c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
100122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7870000 'api-ms-win-core-localization-l1-2-1'
100222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7b60000 'C:\WINDOWS\system32\Wintrust.dll'
100322c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
100422c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
100522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
100622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
100722c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
100822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
100922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
101022c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
101122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
101222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
101322c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
101422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
101522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
101622c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
101722c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
101822c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
101922c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd6570000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
102022c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
102122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd6570000 'C:\WINDOWS\system32\bcrypt.dll'
102222c4.2160: bcrypt.dll loaded at 00007ffcd6570000, BCryptOpenAlgorithmProvider at 00007ffcd6572590, preloading providers:
102322c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
102422c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
102522c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
102622c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd7ae0000 LB 0x00072000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
102722c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
102822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7ae0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
102922c4.2160: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000036a5020)
103022c4.2160: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000036aeca0)
103122c4.2160: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000036aef70)
103222c4.2160: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000036afa50)
103322c4.2160: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000036afd20)
103422c4.2160: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000036afff0)
103522c4.2160: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000036b0330)
103622c4.2160: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000036b0a10)
103722c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
103822c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
103922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7b60000 'C:\Windows\System32\WINTRUST.DLL'
104022c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
104122c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
104222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7b60000 'C:\Windows\System32\WINTRUST.DLL'
104322c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
104422c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
104522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7b60000 'C:\Windows\System32\WINTRUST.DLL'
104622c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
104722c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
104822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7b60000 'C:\Windows\System32\WINTRUST.DLL'
104922c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
105022c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
105122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7b60000 'C:\Windows\System32\WINTRUST.DLL'
105222c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
105322c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
105422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7b60000 'C:\Windows\System32\WINTRUST.DLL'
105522c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
105622c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
105722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7b60000 'C:\Windows\System32\WINTRUST.DLL'
105822c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
105922c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
106022c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd67e0000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
106122c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
106222c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
106322c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
106422c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
106522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
106622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
106722c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
106822c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
106922c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
107022c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd5c00000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
107122c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
107222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
107322c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
107422c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
107522c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
107622c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd61b0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
107722c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
107822c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
107922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
108022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
108122c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
108222c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
108322c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd8550000 'C:\WINDOWS\System32\kernel32.dll'
108422c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
108522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7b60000 'C:\Windows\System32\WINTRUST.DLL'
108622c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
108722c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
108822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\CRYPT32.dll'
108922c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd88a0000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
109022c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
109122c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
109222c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
109322c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
109422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
109522c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
109622c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
109722c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
109822c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
109922c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd5520000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
110022c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
110122c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd6ad0000 LB 0x0001b000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
110222c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
110322c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
110422c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
110522c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
110622c4.2160: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
110722c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
110822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
110922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
111022c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
111122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
111222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
111322c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
111422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
111522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
111622c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
111722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
111822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
111922c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
112022c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
112122c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
112222c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcc0410000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
112322c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
112422c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
112522c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
112622c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc0410000 'C:\WINDOWS\System32\cryptnet.dll'
112722c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
112822c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
112922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc0410000 'C:\WINDOWS\System32\cryptnet.dll'
113022c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
113122c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
113222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc0410000 'C:\WINDOWS\System32\cryptnet.dll'
113322c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
113422c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
113522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc0410000 'C:\WINDOWS\System32\cryptnet.dll'
113622c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
113722c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
113822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc0410000 'C:\WINDOWS\System32\cryptnet.dll'
113922c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
114022c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
114122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc0410000 'C:\WINDOWS\System32\cryptnet.dll'
114222c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
114322c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc0410000 'C:\WINDOWS\System32\cryptnet.dll'
114422c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
114522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc0410000 'C:\WINDOWS\System32\cryptnet.dll'
114622c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
114722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc0410000 'C:\WINDOWS\System32\cryptnet.dll'
114822c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
114922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc0410000 'C:\WINDOWS\System32\cryptnet.dll'
115022c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
115122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc0410000 'C:\WINDOWS\System32\cryptnet.dll'
115222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc0410000 'C:\WINDOWS\System32\cryptnet.dll'
115322c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
115422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc0410000 'C:\Windows\System32\cryptnet.dll'
115522c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
115622c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
115722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
115822c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
115922c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
116022c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
116122c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
116222c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000003762eb0
116322c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003762eb0
116422c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6B794ACDFBB707D3DF3C6A6F6EE1A5DF718084B1
116522c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
116622c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
116722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd8930000 'C:\WINDOWS\System32\rpcrt4.dll'
116822c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
116922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7b60000 'C:\Windows\System32\WINTRUST.DLL'
117022c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
117122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7b60000 'C:\Windows\System32\WINTRUST.DLL'
117222c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
117322c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7b60000 'C:\Windows\System32\WINTRUST.DLL'
117422c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
117522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7b60000 'C:\Windows\System32\WINTRUST.DLL'
117622c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
117722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7b60000 'C:\Windows\System32\WINTRUST.DLL'
117822c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
117922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7b60000 'C:\Windows\System32\WINTRUST.DLL'
118022c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
118122c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
118222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7b60000 'C:\Windows\System32\WINTRUST.DLL'
118322c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
118422c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
118522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
118622c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
118722c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
118822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
118922c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_999_for_KB4074588~31bf3856ad364e35~amd64~~10.0.1.17.cat'; file='\SystemRoot\System32\ntdll.dll'
119022c4.2160: g_pfnWinVerifyTrust=00007ffcd7b66bc0
119122c4.2160: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
119222c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
119322c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
119422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
119522c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
119622c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
119722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
119822c4.2160: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
119922c4.2160: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
120022c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
120122c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
120222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
120322c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
120422c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
120522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
120622c4.2160: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
120722c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
120822c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003762eb0
120922c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003762eb0
121022c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A0BC1B38B9F5EE15493A1BB6ABB29D2FFBB4119
121122c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
121222c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
121322c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
121422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
121522c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
121622c4.2160: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
121722c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
121822c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
121922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
122022c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
122122c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
122222c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
122322c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
122422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
122522c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
122622c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
122722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
122822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
122922c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
123022c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
123122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
123222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
123322c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
123422c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
123522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
123622c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
123722c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
123822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
123922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
124022c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
124122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
124222c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
124322c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
124422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
124522c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
124622c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
124722c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
124822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
124922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
125022c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
125122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
125222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
125322c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
125422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
125522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
125622c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
125722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
125822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
125922c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
126022c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
126122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
126222c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
126322c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
126422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
126522c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
126622c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
126722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
126822c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
126922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
127022c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
127122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
127222c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
127322c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
127422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
127522c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
127622c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
127722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
127822c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
127922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\system32\crypt32.dll'
128022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
128122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x47dc8ded7e6ade00 OU=generated by Avast Antivirus for SSL/TLS scanning, O=Avast Web/Mail Shield, CN=Avast Web/Mail Shield Root
128222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
128322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
128422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
128522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
128622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
128722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
128822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
128922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
129022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xe0249b57ec7fbc00 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication EV RootCA1
129122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xee325335cd8dba00 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2007
129222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x4a25c87eb933b700 C=RO, O=certSIGN, OU=certSIGN ROOT CA
129322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x3703c8da1585b000 C=FI, ST=Finland, O=Vaestorekisterikeskus CA, OU=Certification Authority Services, OU=Varmennepalvelut, CN=VRK Gov. Root CA
129422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x8b062bb556fcc300 C=FR, O=Certeurope, OU=0002 434202180, CN=Certeurope Root CA 2
129522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x977025a7d23db100 C=UY, O=ADMINISTRACION NACIONAL DE CORREOS, OU=SERVICIOS ELECTRONICOS, CN=Correo Uruguayo - Root CA
129622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x15941d5f68b5c600 CN=ComSign Secured CA, O=ComSign, C=IL
129722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
129822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x75a2ccecb8259a00 C=TW, O=Government Root Certification Authority
129922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x3c0043239a65bd00 C=FR, O=Certplus, CN=Class 3TS Primary CA
130022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
130122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
130222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xa5c88c0a3eb7ab00 CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı, C=TR, L=Ankara, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007
130322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x4701de45a311b800 C=NL, O=Digidentity B.V., CN=Digidentity L3 Root CA - G2
130422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x91e3728b8b40d000 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
130522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xeb7a1ac4eef2cd00 C=HU, L=Budapest, O=NetLock Kft., OU=Tanúsítványkiadók (Certification Services), CN=NetLock Platina (Class Platinum) Főtanúsítvány
130622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x788c2b5ac673bf00 C=CN, O=CFCA GT CA
130722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xe0c6a3a05515a600 C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA
130822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x1f3f10cd6b5dd700 C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT
130922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xc7d32b6954e4f000 CN=ComSign CA, O=ComSign, C=IL
131022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
131122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x760668e19592ff00 CN=ACEDICOM Root, OU=PKI, O=EDICOM, C=ES
131222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x50bb81640c01cb00 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
131322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
131422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xaafa7abb99ab000 O=Cisco Systems, CN=Cisco Root CA 2048
131522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
131622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
131722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x5eb09e2012c300 C=TR, O=Elektronik Bilgi Guvenligi A.S., CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
131822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xb798ed29328b700 CN=Autoridad de Certificacion Raiz del Estado Venezolano, C=VE, L=Caracas, ST=Distrito Capital, O=Sistema Nacional de Certificacion Electronica, OU=Superintendencia de Servicios de Certificacion Electronica, Email=acraiz@suscerte.gob.ve
131922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x38b3b5303d1acd00 C=GR, O=Athens Exchange S.A., CN=ATHEX Root CA
132022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xe35016950adaa500 C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA
132122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
132222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x72b9f9f128f2be00 C=DE, O=DATEV eG, CN=CA DATEV BT 01
132322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
132422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x41fe5fa9df12c400 C=US, O=AffirmTrust, CN=AffirmTrust Premium
132522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x266e9b638ffac00 C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1
132622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xafc0be88bdf2a800 DC=rs, DC=posta, DC=ca, CN=Configuration, CN=Services, CN=Public Key Services, CN=AIA, CN=Posta CA Root
132722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
132822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
132922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xd94cd06e3094b700 C=FR, O=Certplus, CN=Class 3 Primary CA
133022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xf08242cb8436b500 C=CZ, CN=I.CA - Qualified Certification Authority, 09/2009, O=První certifikační autorita, a.s., OU=I.CA - Accredited Provider of Certification Services
133122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
133222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
133322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
133422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
133522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x39889aa748eabf00 C=ES, ST=Barcelona, L=Barcelona (see current address at https://www.anf.es/address/), O=ANF Autoridad de Certificación, OU=ANF Clase 1 CA, SRN=G63287510, CN=ANF Server CA
133622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x48cc53a3896bab00 C=CO, O=Sociedad Cameral de Certificación Digital - Certicámara S.A., CN=AC Raíz Certicámara S.A.
133722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xd71519e43fd5ba00 C=CA, ST=Ontario, L=Toronto, O=Echoworx Corporation, OU=Certification Services, CN=Echoworx Root CA2
133822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xade42733bd8d9700 C=us, O=U.S. Government, OU=FBCA, CN=Common Policy
133922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x1c29714b0c909400 C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA1
134022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
134122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x4bc5e0ecc020c800 C=EE, O=AS Sertifitseerimiskeskus, CN=EE Certification Centre Root CA, Email=pki@sk.ee
134222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xca22f040a77fb200 C=LU, O=LuxTrust s.a., CN=LuxTrust Global Root
134322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xe0b0c3006b04c400 C=LV, OU=Sertifikacijas pakalpojumu dala, CN=E-ME SSI (RCA)
134422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x22c0bfed122ca900 C=CH, O=The Federal Authorities of the Swiss Confederation, OU=Services, OU=Certification Authorities, CN=Swiss Government Root CA II
134522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x292d67d00f91f000 C=ES, O=Agencia Notarial de Certificacion S.L. Unipersonal - CIF B83395988, CN=ANCERT Certificados Notariales
134622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xa8a0b90e1e0a8700 C=IN, O=India PKI, CN=CCA India 2011
134722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xea33d3c14ab5d900 C=DE, ST=Baden-Wuerttemberg (BW), L=Stuttgart, O=Deutscher Sparkassen Verlag GmbH, CN=S-TRUST Authentication and Encryption Root CA 2005:PN
134822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
134922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x6e864c7a8071ba00 C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM
135022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x923c3ab73579a1d0 C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC
135122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xbab415bd1e249800 C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority
135222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
135322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x20a3c30cad008000 C=ES, O=DIRECCION GENERAL DE LA POLICIA, OU=DNIE, CN=AC RAIZ DNIE
135422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
135522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xf7c33b7ebfec9b00 C=SI, O=POSTA, OU=POSTArCA
135622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
135722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xab7df2a48539b200 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Client Authentication and Email
135822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xb3d6d6c9f168c800 C=FR, O=Dhimyotis, CN=Certigna
135922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
136022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xfbf8ea8e6b96ca00 C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
136122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xeb1d2a732928b200 CN=ComSign Global Root CA, O=ComSign Ltd., C=IL
136222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
136322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xf44cbb0f8c74bc00 C=HU, ST=Hungary, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado
136422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x67db7cef8732e500 C=DE, O=DATEV eG, CN=CA DATEV STD 02
136522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x6a4c39c4152dd100 C=CZ, CN=I.CA - Standard root certificate, O=Prvni certifikacni autorita a.s.
136622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xbf168afe877852f1 C=US, O=thawte, Inc., OU=(c) 2007 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G2
136722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xdf103d404d3cef00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 2
136822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x40e7dd0ea446ba00 C=BR, O=ICP-Brasil, OU=Instituto Nacional de Tecnologia da Informacao - ITI, CN=Autoridade Certificadora Raiz Brasileira v2
136922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
137022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x177a8452aab3d500 C=BE, O=Certipost s.a./n.v., CN=Certipost E-Trust Primary Normalised CA
137122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x449f1b13efa09400 C=CH, O=SwissSign AG, CN=SwissSign Platinum Root CA - G3
137222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x862f01f4720ec800 C=CH, O=The Federal Authorities of the Swiss Confederation, OU=Services, OU=Certification Authorities, CN=Swiss Government Root CA I
137322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xda5f1cc8fc5ca000 C=CZ, O=Česká pošta, s.p. [IČ 47114983], CN=PostSignum Root QCA 2
137422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xdff6d845073c8b00 C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 CA 1
137522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x2f371157ab2ac600 C=ES, O=Generalitat Valenciana, OU=PKIGVA, CN=Root CA Generalitat Valenciana
137622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xd41691e475fb8515 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
137722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xada18517b3fdc600 C=FR, O=KEYNECTIS, OU=ROOT, CN=KEYNECTIS ROOT CA
137822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x3178d37f87f1c400 C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
137922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
138022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x87b3c722f299c800 C=LT, O=VI Registru Centras - I.k. 124110246, OU=Registru Centro Sertifikavimo Centras, CN=VI Registru Centras RCSC (RootCA)
138122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x2fba703484f19900 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009
138222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x68dbf810c635b900 C=JP, O=LGPKI, OU=Application CA G2
138322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x94b9196cd23ff000 C=DE, O=DATEV eG, CN=CA DATEV INT 02
138422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x974a61bfaba99b00 CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES
138522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x4ef92ac43a0cd500 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
138622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
138722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x52273f34861cc300 C=IT, L=Milano, O=Actalis S.p.A./03358520967, CN=Actalis Authentication CA G1
138822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xebbf1d700c008a00 C=US, O=Verizon Business, OU=OmniRoot, CN=Verizon Global Root CA
138922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x94fb3f125608a800 C=CZ, CN=I.CA - Standard Certification Authority, 09/2009, O=První certifikační autorita, a.s., OU=I.CA - Provider of Certification Services
139022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x5a341635fb75d800 C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA
139122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
139222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x236696801e5e9900 C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA3
139322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xef62113787ebace5 C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2
139422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x7c71e6059b87be00 C=CH, O=SwissSign AG, CN=SwissSign Silver Root CA - G3
139522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
139622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x6a3ad06184a0ee00 CN=EBG Elektronik Sertifika Hizmet Sağlayıcısı, O=EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., C=TR
139722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xad77733ff735d300 C=CN, O=CNNIC, CN=CNNIC ROOT
139822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xdaad63f38ff8e900 C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009, Email=info@e-szigno.hu
139922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
140022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
140122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
140222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x7d2686ca075db300 C=CN, O=UniTrust, CN=UCA Root
140322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x5784013b5c9c9d00 CN=ComSign Advanced Security CA
140422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x5c39bb51bbe0b400 C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 3 CA, CN=TC TrustCenter Class 3 CA II
140522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x80932303749f217 C=SI, O=Halcom, CN=Halcom CA PO 2
140622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x8b7607cf260bd500 C=si, O=state-institutions, OU=sigov-ca
140722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x8f874e74e06da700 C=JP, O=Japanese Government, OU=ApplicationCA
140822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x23f085ee57b2b400 C=ES, O=Consejo General de la Abogacia NIF:Q-2863006I, CN=Autoridad de Certificacion de la Abogacia
140922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x831827e970529d00 C=ES, O=Agencia Notarial de Certificacion S.L.U. - CIF B83395988, CN=ANCERT Certificados CGN V2
141022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x5534b165029017e7 C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
141122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x802b3770cb00af00 C=EU, L=Madrid (see current address at www.camerfirma.com/address), SRN=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
141222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xe6519d844e429500 C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 2
141322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xc9b005046ffea100 C=KR, O=Government of Korea, OU=GPKI, CN=GPKIRootCA1
141422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
141522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xa09adb78d220ae00 C=BE, O=Certipost s.a./n.v., CN=Certipost E-Trust Primary Qualified CA
141622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
141722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
141822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xc66d30927ebce400 C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
141922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xce3493bee81cce00 C=BR, O=ICP-Brasil, OU=Instituto Nacional de Tecnologia da Informacao - ITI, CN=Autoridade Certificadora Raiz Brasileira v1
142022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xa16e1e56de57af00 C=US, O=VISA, OU=Visa International Service Association, CN=Visa eCommerce Root
142122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x2a6a1dc6b9e6b200 C=ES, O=Agencia Notarial de Certificacion S.L.U. - CIF B83395988, CN=ANCERT Certificados Notariales V2
142222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x185da5e55536b700 C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root
142322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca999312534d200 C=CH, O=admin, OU=Services, OU=Certification Authorities, CN=AdminCA-CD-T01
142422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x25debfb1cdcddc00 CN=AC1 RAIZ MTIN, SRN=S2819001E, OU=PRESTADOR DE SERVICIOS DE CERTIFICACION MTIN, OU=SUBDIRECCION GENERAL DE PROCESO DE DATOS, O=MINISTERIO DE TRABAJO E INMIGRACION, L=MADRID, C=ES
142522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xaec72ec8296bc300 C=FR, O=Certplus, CN=Class 1 Primary CA
142622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x88db8dee0f25e100 C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority
142722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xf274f0a48808ab00 C=CZ, CN=I.CA - Qualified root certificate, O=První certifikační autorita, a.s.
142822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
142922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
143022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xdb2cd5c20d0aaf00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2 Public Primary Certification Authority - G3
143122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x33c562d0d11fb200 C=FR, ST=France, L=Paris, O=PM/SGDN, OU=DCSSI, CN=IGC/A, Email=igca@sgdn.pm.gouv.fr
143222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
143322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x665014bdbcc8f800 O=Cybertrust, Inc, CN=Cybertrust Global Root
143422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
143522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xbbd90ca8b0b9d000 C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 1
143622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
143722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x5153f7daa1499900 C=DK, O=TRUST2408, CN=TRUST2408 OCES Primary CA
143822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x19c084be4feaba00 C=LT, O=Skaitmeninio sertifikavimo centras, OU=Certification Authority, CN=SSC Root CA A
143922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x92d01fe10011c900 C=US, O=VISA, OU=Visa International Service Association, CN=Visa Information Delivery Root CA
144022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x3eaa756fe759c500 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2
144122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x363d9b00b34fcb00 C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA
144222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
144322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xa8aca89ee6edc000 C=SE, O=Inera AB, CN=SITHS Root CA v1
144422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xf8dae202a2dfca00 C=CH, O=SwissSign AG, CN=SwissSign Platinum CA - G2
144522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x7637cbb5cf9ce200 C=SG, O=Netrust Certificate Authority 1, OU=Netrust CA1
144622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2262f09375bd00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3
144722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x75f4feca85b98900 C=SI, O=Halcom, CN=Halcom Root CA
144822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xfe74e9a1fda3c000 C=DE, O=DATEV eG, CN=CA DATEV INT 01
144922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
145022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
145122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x783bbdee737e9b00 C=CN, O=China Internet Network Information Center, CN=China Internet Network Information Center EV Certificates Root
145222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
145322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x9b3ae4d356dfc000 C=EU, L=Madrid (see current address at www.camerfirma.com/address), SRN=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008
145422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x69785d02da6eb500 C=ES, O=IZENPE S.A. - CIF A-01337260-RMerc.Vitoria-Gasteiz T1055 F62 S8, L=Avda del Mediterraneo Etorbidea 3 - 01010 Vitoria-Gasteiz, CN=Izenpe.com, Email=Info@izenpe.com
145522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xf8491584e4cdb300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 2 CA 2007
145622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xd407c1f75ec7d700 C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA
145722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
145822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xfe3e3d933619ad3f C=ES, O=FNMT, OU=FNMT Clase 2 CA
145922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xe05fe608c95b000 C=IL, O=PersonalID Ltd., OU=Certificate Services, CN=PersonalID Trustworthy RootCA 2011
146022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xa321f027ebbec200 O=TeliaSonera, CN=TeliaSonera Root CA v1
146122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xcfd21c88249eb300 C=AT, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU=A-Trust-Qual-03, CN=A-Trust-Qual-03
146222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xd607333e36718100 Email=pki@sk.ee, C=EE, O=AS Sertifitseerimiskeskus, CN=Juur-SK
146322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xdc94c92cf53db900 C=US, O=Digital Signature Trust, OU=DST ACES, CN=DST ACES CA X6
146422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x4e5147f555f3c100 C=LT, O=Skaitmeninio sertifikavimo centras, OU=Certification Authority, CN=SSC Root CA B
146522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x64acc0b265e5b000 C=si, O=state-institutions, OU=sigen-ca
146622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
146722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x5901ca5aa77fd00 C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11
146822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xd0353b9e7b50c500 C=GB, O=Trustis Limited, OU=Trustis FPS Root CA
146922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x556cacd82e35af00 C=US, O=SecureTrust Corporation, CN=Secure Global CA
147022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x99f15213ef3bc100 CN=Autoridad de Certificacion Raiz del Estado Venezolano, C=VE, L=Caracas, ST=Distrito Capital, O=Sistema Nacional de Certificacion Electronica, OU=Superintendencia de Servicios de Certificacion Electronica, Email=acraiz@suscerte.gob.ve
147122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xe4dba5da41bbe600 C=DE, O=DATEV eG, CN=CA DATEV BT 02
147222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
147322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xa9c86e43a2efdb00 C=PT, O=SCEE, CN=ECRaizEstado
147422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xf0ca9d354a179000 C=FI, O=Sonera, CN=Sonera Class2 CA
147522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xf23ec9c15254b300 C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2
147622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
147722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
147822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x7052e7f4a064c100 L=Alvaro Obregon, ST=Distrito Federal, C=MX, ZIP=01030, street=Insurgentes Sur 1940, CN=Autoridad Certificadora Raiz de la Secretaria de Economia, OU=Direccion General de Normatividad Mercantil, O=Secretaria de Economia, Email=acrse@economia.gob.mx
147922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xe8985fec4712d200 C=AT, L=Vienna, ST=Austria, O=ARGE DATEN - Austrian Society for Data Protection, OU=GLOBALTRUST Certification Service, CN=GLOBALTRUST, Email=info@globaltrust.info
148022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xae429fd0a270a200 C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root
148122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
148222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xac1e0fca7ad3c900 C=ES, O=IZENPE S.A., CN=Izenpe.com
148322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xafe3d3869f859d00 C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Autorité Racine
148422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x3b2a6f973b859500 CN=Atos TrustedRoot 2011, O=Atos, C=DE
148522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
148622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xfd887dc131f69200 C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig
148722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x6b2e1733cc84b400 C=US, O=AffirmTrust, CN=AffirmTrust Networking
148822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x4297e24fc722b300 C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC
148922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
149022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xfe221444afe0cb00 C=ch, O=admin, OU=Services, OU=Certification Authorities, CN=Admin-Root-CA
149122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
149222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xa9cc8cfa2245a100 C=LT, O=Skaitmeninio sertifikavimo centras, OU=Certification Authority, CN=SSC Root CA C
149322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
149422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xcd7b81d500c8ed00 C=HU, L=Budapest, O=Microsec Ltd., OU=e-Szigno CA, CN=Microsec e-Szigno Root CA
149522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
149622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x419b60ebff37ab00 C=FR, O=Certplus, CN=Class 3P Primary CA
149722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xb8ce920e1b50ac00 C=ES, O=Colegio de Registradores de la Propiedad y Mercantiles de España, OU=Certificado Propio, CN=Registradores de España - CA Raíz
149822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xa7f9b4b9d484dd00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3
149922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xe69c54164257cc00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3
150022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x3a8810ff4b6d8a00 C=TR, L=Gebze - Kocaeli, O=Türkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK, OU=Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü - UEKAE, OU=Kamu Sertifikasyon Merkezi, CN=TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
150122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x9830119f287caa00 C=FR, O=ANSSI, OU=0002 130007669, CN=IGC/A AC racine Etat francais
150222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x7f2bd4d15bd9c500 C=SE, O=Carelink, CN=SITHS CA v3
150322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x87fc251e2149d000 C=CN, O=WoSign CA Limited, CN=CA 沃通根证书
150422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xfa20c4eccee39700 C=DE, O=DATEV eG, CN=CA DATEV STD 01
150522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
150622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xcaac0c3f3f759000 C=ES, O=Agencia Notarial de Certificacion S.L. Unipersonal - CIF B83395988, CN=ANCERT Certificados CGN
150722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x817a1151b5d29800 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA
150822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xeb8adc879521a200 C=ES, O=Agencia Notarial de Certificacion S.L. Unipersonal - CIF B83395988, CN=ANCERT Corporaciones de Derecho Publico
150922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xf63f5006e5b3da00 C=CN, O=UniTrust, CN=UCA Global Root
151022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x9d5a65c89fe8c300 C=CH, O=SwissSign AG, CN=SwissSign Gold Root CA - G3
151122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x2f5561fdf9b89b00 C=LV, O=VAS Latvijas Pasts - Vien.reg.Nr.40003052790, OU=Sertifikacijas pakalpojumi, CN=VAS Latvijas Pasts SSI(RCA)
151222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
151322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x5dcc74a787f8b600 C=MO, O=Macao Post, CN=Macao Post eSignTrust Root Certification Authority (G02)
151422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x6d4bbe735e24c400 C=HU, L=Budapest, O=NetLock Kft., OU=Tanúsítványkiadók (Certification Services), CN=NetLock Arany (Class Gold) Főtanúsítvány
151522c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
151622c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xf1fbd6404bd4a500 C=BE, O=Certipost s.a./n.v., CN=Certipost E-Trust TOP Root CA
151722c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
151822c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x407c0c3d7576bf00 C=SI, O=ACNLB
151922c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x9de5960126a3bc00 C=SI, O=Halcom, CN=Halcom CA FO
152022c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
152122c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
152222c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xf03913fae404bc00 C=KR, O=KISA, OU=Korea Certification Authority Central, CN=KISA RootCA 1
152322c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xd43dd8b22552c700 C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado, Email=info@netlock.hu
152422c4.2160: supR3HardenedWinIsDesiredRootCA: Adding 0xdf603f23927b9600 C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA2
152522c4.2160: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=245
152622c4.2160: SUPR3HardenedMain: Load Runtime...
152722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
152822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
152922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
153022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
153122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
153222c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
153322c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
153422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
153522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
153622c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
153722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
153822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
153922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
154022c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
154122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
154222c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
154322c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
154422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
154522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
154622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
154722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
154822c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
154922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
155022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
155122c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
155222c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
155322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
155422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
155522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
155622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
155722c4.2160: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
155822c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
155922c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
156022c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
156122c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
156222c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
156322c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
156422c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
156522c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
156622c4.2160: supR3HardenedDllNotificationCallback: load 000000005cf90000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
156722c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
156822c4.2160: supR3HardenedDllNotificationCallback: load 000000005cef0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
156922c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
157022c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd88c0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
157122c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
157222c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcafb70000 LB 0x00590000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
157322c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
157422c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
157522c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
157622c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
157722c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
157822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
157922c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
158022c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
158122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
158222c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
158322c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
158422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
158522c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
158622c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
158722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
158822c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
158922c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
159022c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
159122c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
159222c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
159322c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
159422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
159522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
159622c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
159722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
159822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
159922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
160022c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
160122c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
160222c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
160322c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
160422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
160522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
160622c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
160722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
160822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
160922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
161022c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
161122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
161222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
161322c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
161422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
161522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
161622c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
161722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
161822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
161922c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
162022c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
162122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
162222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
162322c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
162422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcafb70000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
162522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7b60000 'C:\WINDOWS\system32\Wintrust.dll'
162622c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
162722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
162822c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
162922c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
163022c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
163122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
163222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\system32\crypt32.dll'
163322c4.2160: SUPR3HardenedMain: Load TrustedMain...
163422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
163522c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
163622c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
163722c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
163822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
163922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
164022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
164122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
164222c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
164322c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
164422c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
164522c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
164622c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
164722c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
164822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
164922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
165022c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
165122c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
165222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
165322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
165422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
165522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
165622c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
165722c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
165822c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
165922c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
166022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
166122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
166222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
166322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
166422c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
166522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
166622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
166722c4.2160: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
166822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
166922c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
167022c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
167122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
167222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
167322c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
167422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
167522c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
167622c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
167722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
167822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
167922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
168022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
168122c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
168222c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
168322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
168422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
168522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
168622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
168722c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
168822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
168922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
169022c4.2160: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
169122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
169222c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
169322c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
169422c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
169522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
169622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
169722c4.2160: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
169822c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
169922c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
170022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
170122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
170222c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
170322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
170422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
170522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
170622c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
170722c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
170822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'gdi32.dll'.
170922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'user32.dll'.
171022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'combase.dll'.
171122c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
171222c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
171322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
171422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
171522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
171622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
171722c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
171822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
171922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
172022c4.2160: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
172122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
172222c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
172322c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
172422c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
172522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
172622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
172722c4.2160: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
172822c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
172922c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
173022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
173122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
173222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
173322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
173422c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
173522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
173622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
173722c4.2160: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
173822c4.2160: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
173922c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
174022c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
174122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
174222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
174322c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
174422c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'.
174522c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'.
174622c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll) WinVerifyTrust
174722c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
174822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
174922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
175022c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
175122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
175222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
175322c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
175422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
175522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
175622c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
175722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
175822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
175922c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
176022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
176122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
176222c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
176322c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
176422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
176522c4.2160: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
176622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
176722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
176822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
176922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
177022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
177122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
177222c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
177322c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
177422c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
177522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
177622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
177722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
177822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
177922c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
178022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
178122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
178222c4.2160: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
178322c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
178422c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
178522c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
178622c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
178722c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
178822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
178922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
179022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
179122c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
179222c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
179322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
179422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
179522c4.2160: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
179622c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
179722c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
179822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
179922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
180022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
180122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
180222c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
180322c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
180422c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
180522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
180622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
180722c4.2160: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
180822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
180922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
181022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
181122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
181222c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
181322c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
181422c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
181522c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
181622c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
181722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
181822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
181922c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
182022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
182122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
182222c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
182322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
182422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
182522c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
182622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
182722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
182822c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
182922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
183022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
183122c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
183222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
183322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
183422c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
183522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
183622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
183722c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
183822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
183922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
184022c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
184122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
184222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
184322c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
184422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
184522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
184622c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
184722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
184822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
184922c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
185022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
185122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
185222c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
185322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
185422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
185522c4.2160: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
185622c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
185722c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
185822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
185922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
186022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
186122c4.2160: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
186222c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
186322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
186422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
186522c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
186622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
186722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
186822c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
186922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
187022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
187122c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
187222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
187322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
187422c4.2160: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
187522c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll)
187622c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll
187722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
187822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
187922c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
188022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
188122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
188222c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
188322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
188422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
188522c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
188622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
188722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
188822c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
188922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
189022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
189122c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
189222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
189322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
189422c4.2160: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
189522c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
189622c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
189722c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
189822c4.2160: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
189922c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
190022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
190122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
190222c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
190322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
190422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
190522c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
190622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
190722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
190822c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
190922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
191022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
191122c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
191222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
191322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
191422c4.2160: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
191522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
191622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
191722c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
191822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
191922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
192022c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
192122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
192222c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
192322c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
192422c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
192522c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
192622c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
192722c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
192822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
192922c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
193022c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
193122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
193222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
193322c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
193422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
193522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
193622c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
193722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
193822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
193922c4.2160: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
194022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
194122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
194222c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'shlwapi.dll'.
194322c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
194422c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'comctl32.dll'.
194522c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'shell32.dll'.
194622c4.2160: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\comdlg32.dll)
194722c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
194822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
194922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
195022c4.2160: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
195122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
195222c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'iphlpapi.dll'.
195322c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'bcrypt.dll'.
195422c4.2160: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\winspool.drv)
195522c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv
195622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
195722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
195822c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
195922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
196022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
196122c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
196222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
196322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
196422c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
196522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
196622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
196722c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
196822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
196922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
197022c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
197122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
197222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
197322c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
197422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
197522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
197622c4.2160: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL'.
197722c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL)
197822c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
197922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
198022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
198122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
198222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
198322c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
198422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
198522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
198622c4.2160: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
198722c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
198822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
198922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
199022c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll)
199122c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll
199222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
199322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
199422c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
199522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
199622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
199722c4.2160: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
199822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
199922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'.
200022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'.
200122c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
200222c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
200322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
200422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
200522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
200622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
200722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
200822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
200922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
201022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
201122c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
201222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
201322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
201422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
201522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
201622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
201722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
201822c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
201922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
202022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
202122c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
202222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
202322c4.2160: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
202422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
202522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
202622c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
202722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
202822c4.2160: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
202922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
203022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
203122c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
203222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
203322c4.2160: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
203422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
203522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
203622c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
203722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
203822c4.2160: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
203922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
204022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
204122c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
204222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
204322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
204422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
204522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
204622c4.2160: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
204722c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000500 pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
204822c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003762eb0
204922c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003762eb0
205022c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F39C902102F30859FF82648A950427FCB81FB124
205122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
205222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
205322c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00111~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
205422c4.2160: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
205522c4.2160: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
205622c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
205722c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
205822c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
205922c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
206022c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
206122c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
206222c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
206322c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
206422c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
206522c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
206622c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
206722c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
206822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
206922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
207022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
207122c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_8879e63c4abacc42\comctl32.dll)
207222c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_8879e63c4abacc42\comctl32.dll
207322c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
207422c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL [avoiding WinVerifyTrust]
207522c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd7bc0000 LB 0x00020000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
207622c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
207722c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd7500000 LB 0x0009b000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
207822c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
207922c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd7360000 LB 0x00193000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
208022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
208122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
208222c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
208322c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
208422c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
208522c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
208622c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcda000000 LB 0x00028000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
208722c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
208822c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd83c0000 LB 0x0018f000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
208922c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcc74a0000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
209022c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
209122c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcb2560000 LB 0x0011e000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
209222c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
209322c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd7be0000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
209422c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
209522c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
209622c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcda190000 LB 0x00308000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
209722c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
209822c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcda550000 LB 0x000a6000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
209922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
210022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
210122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
210222c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
210322c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
210422c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd7cd0000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
210522c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
210622c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd6b40000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
210722c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
210822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
210922c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
211022c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
211122c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd6af0000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
211222c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
211322c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
211422c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
211522c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd6b60000 LB 0x00747000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
211622c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
211722c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
211822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'combase.dll'.
211922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'profapi.dll'.
212022c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
212122c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
212222c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd8a50000 LB 0x01436000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
212322c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
212422c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd8660000 LB 0x00149000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
212522c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
212622c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcbce30000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
212722c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
212822c4.2160: supR3HardenedDllNotificationCallback: load 000000005c980000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
212922c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
213022c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcaea10000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
213122c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
213222c4.2160: supR3HardenedDllNotificationCallback: load 000000005c410000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
213322c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
213422c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd5d80000 LB 0x00039000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
213522c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL [avoiding WinVerifyTrust]
213622c4.2160: supR3HardenedDllNotificationCallback: load 00007ffccfd00000 LB 0x00086000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
213722c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
213822c4.2160: supR3HardenedDllNotificationCallback: load 00007ffccff30000 LB 0x000a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_8879e63c4abacc42\COMCTL32.dll [fFlags=0x0]
213922c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_8879e63c4abacc42\comctl32.dll [avoiding WinVerifyTrust]
214022c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcda070000 LB 0x0010a000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
214122c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
214222c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcc74d0000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
214322c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
214422c4.2160: supR3HardenedDllNotificationCallback: load 000000005c3b0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
214522c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
214622c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcda660000 LB 0x000c5000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
214722c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
214822c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd32a0000 LB 0x0002a000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
214922c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
215022c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd3300000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
215122c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
215222c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcaf130000 LB 0x00a33000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
215322c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
215422c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
215522c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
215622c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
215722c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
215822c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
215922c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
216022c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
216122c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
216222c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
216322c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
216422c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
216522c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
216622c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_8879e63c4abacc42\comctl32.dll'.
216722c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_8879e63c4abacc42\comctl32.dll' [rescheduled]
216822c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
216922c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
217022c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
217122c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
217222c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL'.
217322c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL' [rescheduled]
217422c4.2160: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
217522c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
217622c4.2160: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
217722c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
217822c4.2160: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
217922c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
218022c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
218122c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
218222c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
218322c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
218422c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
218522c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
218622c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
218722c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
218822c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
218922c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
219022c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
219122c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
219222c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
219322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
219422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
219522c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
219622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
219722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
219822c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
219922c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
220022c4.2160: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
220122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
220222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
220322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
220422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
220522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
220622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
220722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
220822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
220922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
221022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
221122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
221222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
221322c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
221422c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
221522c4.2160: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
221622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
221722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
221822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
221922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
222022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
222122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
222222c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
222322c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
222422c4.2160: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
222522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
222622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
222722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
222822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
222922c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
223022c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
223122c4.2160: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
223222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
223322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
223422c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
223522c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
223622c4.2160: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
223722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
223822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
223922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
224022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
224122c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
224222c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
224322c4.2160: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
224422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
224522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
224622c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
224722c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
224822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd8550000 'C:\WINDOWS\System32\kernel32.dll'
224922c4.2160: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
225022c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
225122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7870000 'api-ms-win-core-string-l1-1-0'
225222c4.2160: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
225322c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
225422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7870000 'api-ms-win-core-datetime-l1-1-1'
225522c4.2160: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
225622c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
225722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7870000 'api-ms-win-core-localization-obsolete-l1-2-0'
225822c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
225922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
226022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
226122c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
226222c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
226322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
226422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
226522c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
226622c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
226722c4.2160: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
226822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
226922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
227022c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
227122c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcda040000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
227222c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
227322c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcda040000 'C:\WINDOWS\system32\IMM32.DLL'
227422c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
227522c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
227622c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
227722c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
227822c4.2160: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\imm32.dll
227922c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
228022c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcda040000 'C:\WINDOWS\System32\imm32.dll'
228122c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
228222c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
228322c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcda4a0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
228422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcaf130000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
228522c4.2160: SUPR3HardenedMain: Calling TrustedMain (00007ffcaf1314f0)...
228622c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
228722c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
228822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
228922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
229022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
229122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
229222c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
229322c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
229422c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
229522c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
229622c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
229722c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
229822c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
229922c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
230022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
230122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
230222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
230322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
230422c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
230522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
230622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
230722c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
230822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
230922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
231022c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
231122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
231222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
231322c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
231422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
231522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
231622c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
231722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
231822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
231922c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
232022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
232122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
232222c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
232322c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
232422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
232522c4.2160: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
232622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
232722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
232822c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
232922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
233022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
233122c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
233222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
233322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
233422c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
233522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
233622c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
233722c4.2160: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
233822c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
233922c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
234022c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcb1910000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
234122c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
234222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb1910000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
234322c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006bc pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
234422c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003762eb0
234522c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003762eb0
234622c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB199956403E78CE61C981F6BA97CA632BE55AC
234722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
234822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
234922c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
235022c4.2160: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
235122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
235222c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
235322c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
235422c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
235522c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
235622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
235722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
235822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
235922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
236022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
236122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
236222c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
236322c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
236422c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
236522c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd4940000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
236622c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
236722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd4940000 'C:\WINDOWS\system32\uxtheme.dll'
236822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd83c0000 'C:\WINDOWS\system32\user32.dll'
236922c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
237022c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
237122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd8a50000 'C:\WINDOWS\system32\shell32.dll'
237222c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
237322c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
237422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
237522c4.2160: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
237622c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
237722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcda550000 'C:\WINDOWS\system32\SHCore.dll'
237822c4.2160: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
237922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
238022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
238122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
238222c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
238322c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
238422c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)
238522c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
238622c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd4fe0000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
238722c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
238822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
238922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
239022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
239122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
239222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
239322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
239422c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
239522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
239622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
239722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
239822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
239922c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
240022c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
240122c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
240222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\system32\winmm.dll'
240322c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
240422c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
240522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\system32\winmm.dll'
240622c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
240722c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
240822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd8a50000 'C:\WINDOWS\system32\shell32.dll'
240922c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
241022c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
241122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd4940000 'C:\WINDOWS\system32\uxtheme.dll'
241222c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
241322c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
241422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcda4a0000 'C:\WINDOWS\system32\advapi32.dll'
241522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
241622c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
241722c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
241822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'profapi.dll'.
241922c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
242022c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
242122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
242222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
242322c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
242422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
242522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
242622c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
242722c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
242822c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd69e0000 LB 0x00029000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
242922c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
243022c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd69e0000 'C:\WINDOWS\system32\userenv.dll'
243122c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
243222c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
243322c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd8550000 'C:\WINDOWS\System32\kernel32.dll'
243422c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd7c30000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
243522c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
243622c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
243722c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
243822c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
243922c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
244022c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
244122c4.750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
244222c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
244322c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
244422c4.750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
244522c4.750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
244622c4.750: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
244722c4.750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
244822c4.750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
244922c4.750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
245022c4.750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
245122c4.750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
245222c4.750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
245322c4.750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
245422c4.750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
245522c4.750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
245622c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
245722c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
245822c4.750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
245922c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
246022c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
246122c4.750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
246222c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
246322c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
246422c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
246522c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
246622c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
246722c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
246822c4.750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
246922c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
247022c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
247122c4.750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
247222c4.750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
247322c4.750: supR3HardenedDllNotificationCallback: load 00007ffcae4c0000 LB 0x00544000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
247422c4.750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
247522c4.750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcae4c0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
247622c4.750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
247722c4.750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
247822c4.750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
247922c4.750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
248022c4.750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
248122c4.750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
248222c4.750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
248322c4.750: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
248422c4.750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
248522c4.750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
248622c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
248722c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
248822c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
248922c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
249022c4.750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
249122c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
249222c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
249322c4.750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
249422c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
249522c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
249622c4.750: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
249722c4.750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
249822c4.750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
249922c4.750: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
250022c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
250122c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
250222c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
250322c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
250422c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
250522c4.750: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
250622c4.750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
250722c4.750: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
250822c4.750: supR3HardenedDllNotificationCallback: load 00007ffcb0770000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
250922c4.750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
251022c4.750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb0770000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
251122c4.750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
251222c4.750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
251322c4.750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcda660000 'C:\Windows\System32\oleaut32.dll'
251422c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
251522c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
251622c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcda000000 'C:\WINDOWS\system32\gdi32.dll'
251722c4.1d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
251822c4.1d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
251922c4.1d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
252022c4.1d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
252122c4.1d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
252222c4.1d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
252322c4.1d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
252422c4.1d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
252522c4.1d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
252622c4.1d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
252722c4.1d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
252822c4.1d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
252922c4.1d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
253022c4.1d04: supR3HardenedDllNotificationCallback: load 00007ffccc040000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
253122c4.1d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
253222c4.1d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccc040000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
253322c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
253422c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
253522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd8a50000 'C:\WINDOWS\system32\shell32.dll'
253622c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd9e90000 LB 0x00167000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
253722c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
253822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
253922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
254022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
254122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
254222c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
254322c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
254422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
254522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
254622c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
254722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
254822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
254922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
255022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
255122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
255222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
255322c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
255422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
255522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
255622c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
255722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
255822c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
255922c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a28 pwszName=\Device\HarddiskVolume4\Windows\System32\DataExchange.dll
256022c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003762eb0
256122c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003762eb0
256222c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87FA668FC207CB724FFDD342C6B5B8D273E3498D
256322c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
256422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
256522c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\DataExchange.dll'
256622c4.2160: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
256722c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
256822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
256922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'combase.dll'.
257022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'd3d11.dll'.
257122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'dcomp.dll'.
257222c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) WinVerifyTrust
257322c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
257422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
257522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
257622c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
257722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
257822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
257922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
258022c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) WinVerifyTrust
258122c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll
258222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
258322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
258422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
258522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
258622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
258722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
258822c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
258922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
259022c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
259122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
259222c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
259322c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'win32u.dll'.
259422c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll) WinVerifyTrust
259522c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll
259622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
259722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
259822c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
259922c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
260022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
260122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
260222c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
260322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
260422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
260522c4.2160: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'.
260622c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
260722c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
260822c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll)
260922c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll
261022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
261122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
261222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
261322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
261422c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
261522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
261622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
261722c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
261822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
261922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
262022c4.2160: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
262122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
262222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
262322c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
262422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
262522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
262622c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
262722c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
262822c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
262922c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
263022c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
263122c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd55a0000 LB 0x000af000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
263222c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
263322c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd3830000 LB 0x002e2000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
263422c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
263522c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd41c0000 LB 0x00142000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
263622c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
263722c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcc4190000 LB 0x0004f000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
263822c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
263922c4.2160: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'.
264022c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rescheduled]
264122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcda000000 'C:\WINDOWS\System32\gdi32.dll'
264222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc4190000 'C:\WINDOWS\system32\dataexchange.dll'
264322c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
264422c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rmclient.dll'.
264522c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
264622c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcrypt.dll'.
264722c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
264822c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll)
264922c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll
265022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
265122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
265222c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rmclient.dll)
265322c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rmclient.dll
265422c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd50d0000 LB 0x00020000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0]
265522c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
265622c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd50f0000 LB 0x0017b000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
265722c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
265822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
265922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
266022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
266122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
266222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
266322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
266422c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
266522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
266622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
266722c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
266822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
266922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
267022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
267122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume4\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
267222c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
267322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
267422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
267522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
267622c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
267722c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rmclient.dll'
267822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
267922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
268022c4.2160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll'
268122c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll
268222c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
268322c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd9e90000 'C:\WINDOWS\System32\MSCTF.dll'
268422c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
268522c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
268622c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd8660000 'C:\WINDOWS\System32\ole32.dll'
268722c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
268822c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
268922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcda660000 'C:\WINDOWS\System32\OLEAUT32.dll'
269022c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a50 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
269122c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003762eb0
269222c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003762eb0
269322c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AE2733DC030E44DCE443886E467FF179D2D68A91
269422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
269522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
269622c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
269722c4.2160: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
269822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
269922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
270022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
270122c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
270222c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
270322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
270422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
270522c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a54 pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
270622c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003762eb0
270722c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003762eb0
270822c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA3F9D85214DB0270185C719B931C69440BA9C18
270922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
271022c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
271122c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
271222c4.2160: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
271322c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
271422c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
271522c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
271622c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
271722c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
271822c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
271922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
272022c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
272122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
272222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
272322c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
272422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
272522c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
272622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
272722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
272822c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
272922c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
273022c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
273122c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
273222c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
273322c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
273422c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcce2c0000 LB 0x00081000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
273522c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
273622c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcce5e0000 LB 0x0000f000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
273722c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
273822c4.2160: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
273922c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
274022c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7870000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
274122c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcce5e0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
274222c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000af4 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
274322c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003762eb0
274422c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003762eb0
274522c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4C70145BD7347C12AB1BF3946D40606389C4D331
274622c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
274722c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
274822c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
274922c4.2160: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
275022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
275122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
275222c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
275322c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
275422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
275522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
275622c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
275722c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
275822c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
275922c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
276022c4.2160: supR3HardenedDllNotificationCallback: load 00007ffccb850000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
276122c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
276222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccb850000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
276322c4.2160: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
276422c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
276522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7870000 'api-ms-win-core-localization-l1-2-0.dll'
276622c4.2160: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
276722c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
276822c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd7870000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
276922c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a38 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
277022c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003762eb0
277122c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003762eb0
277222c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=336CDD3C969CEFC6CE8D502298ED123FE8D2F483
277322c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
277422c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
277522c4.2160: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
277622c4.2160: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
277722c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
277822c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'.
277922c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
278022c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
278122c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
278222c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
278322c4.2160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
278422c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
278522c4.2160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
278622c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
278722c4.2160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
278822c4.2160: supR3HardenedDllNotificationCallback: load 00007ffccb8f0000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
278922c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
279022c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccb8f0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
279122c4.1bcc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
279222c4.1bcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
279322c4.1bcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
279422c4.1bcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
279522c4.1bcc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
279622c4.1bcc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
279722c4.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
279822c4.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
279922c4.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
280022c4.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
280122c4.1bcc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
280222c4.1bcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
280322c4.1bcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
280422c4.1bcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
280522c4.1bcc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
280622c4.1bcc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
280722c4.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
280822c4.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
280922c4.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
281022c4.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
281122c4.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
281222c4.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
281322c4.1bcc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
281422c4.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
281522c4.1bcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
281622c4.1bcc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
281722c4.1bcc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
281822c4.1bcc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
281922c4.1bcc: supR3HardenedDllNotificationCallback: load 000000005c2a0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
282022c4.1bcc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
282122c4.1bcc: supR3HardenedDllNotificationCallback: load 00007ffcad240000 LB 0x002c7000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
282222c4.1bcc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
282322c4.1bcc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcad240000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
282422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
282522c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aec pwszName=\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
282622c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003762eb0
282722c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003762eb0
282822c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F30E80B88384D221750DC79ADCE84BDFB8A5A73A
282922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
283022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
283122c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00111~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll'
283222c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
283322c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
283422c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
283522c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'oleaut32.dll'.
283622c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'ws2_32.dll'.
283722c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'netsetupapi.dll'.
283822c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'setupapi.dll'.
283922c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll) WinVerifyTrust
284022c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
284122c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
284222c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
284322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
284422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
284522c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
284622c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
284722c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'.
284822c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
284922c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
285022c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
285122c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
285222c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
285322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
285422c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
285522c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
285622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
285722c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
285822c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
285922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
286022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
286122c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
286222c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
286322c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll) WinVerifyTrust
286422c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll
286522c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
286622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
286722c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
286822c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
286922c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
287022c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
287122c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
287222c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
287322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
287422c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
287522c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
287622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
287722c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
287822c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
287922c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
288022c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
288122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
288222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
288322c4.3e28: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'
288422c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
288522c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
288622c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll
288722c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcca6e0000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
288822c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll
288922c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcd7f70000 LB 0x0044e000 C:\WINDOWS\System32\setupapi.dll [fFlags=0x0]
289022c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
289122c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcc8920000 LB 0x0007d000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
289222c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
289322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc8920000 'C:\Windows\System32\NetSetupShim.dll'
289422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
289522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
289622c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
289722c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
289822c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
289922c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winnsi.dll'.
290022c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\NetSetupEngine.dll) WinVerifyTrust
290122c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\NetSetupEngine.dll
290222c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
290322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
290422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
290522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
290622c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
290722c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
290822c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll) WinVerifyTrust
290922c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
291022c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
291122c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
291222c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
291322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
291422c4.3e28: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'.
291522c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
291622c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
291722c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
291822c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
291922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
292022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
292122c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll) WinVerifyTrust
292222c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
292322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
292422c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
292522c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
292622c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
292722c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupEngine.dll
292822c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll
292922c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcd8890000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
293022c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
293122c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcd1780000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
293222c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll
293322c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcae3f0000 LB 0x000c1000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0]
293422c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupEngine.dll
293522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcae3f0000 'C:\Windows\System32\NetSetupEngine.dll'
293622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
293722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
293822c4.3e28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll'
293922c4.24cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
294022c4.24cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
294122c4.24cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
294222c4.24cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
294322c4.24cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
294422c4.24cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
294522c4.24cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
294622c4.24cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
294722c4.24cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
294822c4.24cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
294922c4.24cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
295022c4.24cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
295122c4.24cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
295222c4.24cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
295322c4.24cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
295422c4.24cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
295522c4.24cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
295622c4.24cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
295722c4.24cc: supR3HardenedDllNotificationCallback: load 00007ffccc010000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
295822c4.24cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
295922c4.24cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccc010000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
296022c4.24cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd83c0000 'C:\WINDOWS\system32\User32.dll'
296122c4.1578: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
296222c4.1578: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
296322c4.1578: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
296422c4.1578: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
296522c4.1578: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
296622c4.1578: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
296722c4.1578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
296822c4.1578: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
296922c4.1578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
297022c4.1578: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
297122c4.1578: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
297222c4.1578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
297322c4.1578: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
297422c4.1578: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
297522c4.1578: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
297622c4.1578: supR3HardenedDllNotificationCallback: load 00007ffccbe30000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
297722c4.1578: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
297822c4.1578: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccbe30000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
297922c4.291c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
298022c4.291c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
298122c4.291c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
298222c4.291c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
298322c4.291c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
298422c4.291c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
298522c4.291c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
298622c4.291c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
298722c4.291c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
298822c4.291c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
298922c4.291c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
299022c4.291c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
299122c4.291c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
299222c4.291c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
299322c4.291c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
299422c4.291c: supR3HardenedDllNotificationCallback: load 00007ffcc9ea0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
299522c4.291c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
299622c4.291c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc9ea0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
299722c4.3624: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
299822c4.3624: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
299922c4.3624: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
300022c4.3624: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
300122c4.3624: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
300222c4.3624: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
300322c4.3624: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
300422c4.3624: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
300522c4.3624: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
300622c4.3624: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
300722c4.3624: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
300822c4.3624: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
300922c4.3624: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
301022c4.3624: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
301122c4.3624: supR3HardenedDllNotificationCallback: load 00007ffcc9550000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
301222c4.3624: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
301322c4.3624: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc9550000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
301422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd8a50000 'C:\WINDOWS\system32\Shell32.dll'
301522c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
301622c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
301722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcad240000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
301822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
301922c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
302022c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
302122c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
302222c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
302322c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
302422c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
302522c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
302622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
302722c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
302822c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
302922c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
303022c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
303122c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
303222c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
303322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
303422c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
303522c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
303622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
303722c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
303822c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
303922c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcc6940000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
304022c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
304122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc6940000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
304222c4.3e28: supR3HardenedDllNotificationCallback: Unload 00007ffcc6940000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
304322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
304422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
304522c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
304622c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
304722c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
304822c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
304922c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
305022c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
305122c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
305222c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
305322c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
305422c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
305522c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
305622c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
305722c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
305822c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
305922c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL [redoing WinVerifyTrust]
306022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
306122c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
306222c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
306322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
306422c4.3e28: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL'
306522c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
306622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
306722c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
306822c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
306922c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
307022c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
307122c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
307222c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
307322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
307422c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
307522c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
307622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
307722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
307822c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
307922c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
308022c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
308122c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
308222c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
308322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
308422c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
308522c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
308622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
308722c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
308822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
308922c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
309022c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
309122c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
309222c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
309322c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
309422c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
309522c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
309622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
309722c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
309822c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
309922c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
310022c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
310122c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
310222c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
310322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
310422c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
310522c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
310622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
310722c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
310822c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
310922c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
311022c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
311122c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
311222c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
311322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
311422c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
311522c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
311622c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
311722c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
311822c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcc6ff0000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
311922c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
312022c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcc6810000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
312122c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
312222c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffc9e410000 LB 0x009c2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
312322c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
312422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc9e410000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
312522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
312622c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
312722c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
312822c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
312922c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcc6940000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
313022c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
313122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc6940000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
313222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
313322c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
313422c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
313522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcae4c0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
313622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
313722c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
313822c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
313922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc6810000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
314022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
314122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
314222c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
314322c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
314422c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
314522c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
314622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
314722c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
314822c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
314922c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
315022c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
315122c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
315222c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcc6a50000 LB 0x0001f000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
315322c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
315422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc6a50000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
315522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
315622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
315722c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
315822c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
315922c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
316022c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
316122c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
316222c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
316322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
316422c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
316522c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
316622c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
316722c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcc67f0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
316822c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
316922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc67f0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
317022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
317122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
317222c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
317322c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
317422c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
317522c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
317622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
317722c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
317822c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
317922c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
318022c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
318122c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
318222c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcc67d0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
318322c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
318422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc67d0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
318522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
318622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
318722c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
318822c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
318922c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
319022c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
319122c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
319222c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
319322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
319422c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
319522c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
319622c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
319722c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcc6630000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
319822c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
319922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc6630000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
320022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
320122c4.3740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
320222c4.3740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
320322c4.3740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
320422c4.3740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
320522c4.3740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
320622c4.3740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
320722c4.3740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
320822c4.3740: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
320922c4.3740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
321022c4.3740: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
321122c4.3740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
321222c4.3740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
321322c4.3740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
321422c4.3740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
321522c4.3740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
321622c4.3740: supR3HardenedDllNotificationCallback: load 00007ffcc9540000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
321722c4.3740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
321822c4.3740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc9540000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
321922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
322022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
322122c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
322222c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
322322c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
322422c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
322522c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
322622c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
322722c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
322822c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
322922c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
323022c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
323122c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
323222c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
323322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
323422c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
323522c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
323622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
323722c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
323822c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
323922c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
324022c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
324122c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcaf060000 LB 0x000cc000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
324222c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
324322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcaf060000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
324422c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
324522c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
324622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5d80000 'C:\WINDOWS\system32\Iphlpapi.dll'
324722c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
324822c4.3e28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll)
324922c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
325022c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcd15f0000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
325122c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
325222c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
325322c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
325422c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
325522c4.3e28: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll)
325622c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
325722c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcd15d0000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
325822c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
325922c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c48 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
326022c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003762eb0
326122c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003762eb0
326222c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0979042666D2FF6A450082A737154F788178270
326322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
326422c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
326522c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll
326622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
326722c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
326822c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
326922c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
327022c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
327122c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
327222c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
327322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
327422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
327522c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
327622c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
327722c4.3e28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
327822c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ef8 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
327922c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003762eb0
328022c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003762eb0
328122c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=839F90BCFF138802B805D9F6439239CC98023804
328222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
328322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
328422c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
328522c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
328622c4.3e28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
328722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
328822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
328922c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'.
329022c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
329122c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mswsock.dll) WinVerifyTrust
329222c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mswsock.dll
329322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
329422c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
329522c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
329622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
329722c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
329822c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
329922c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcd5ff0000 LB 0x00066000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
330022c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
330122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5ff0000 'C:\WINDOWS\system32\mswsock.dll'
330222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
330322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
330422c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
330522c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
330622c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'devobj.dll'.
330722c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'propsys.dll'.
330822c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll) WinVerifyTrust
330922c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
331022c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
331122c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
331222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
331322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
331422c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
331522c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
331622c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
331722c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\propsys.dll) WinVerifyTrust
331822c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\propsys.dll
331922c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
332022c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
332122c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
332222c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
332322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
332422c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
332522c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
332622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
332722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
332822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
332922c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'cfgmgr32.dll'.
333022c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll) WinVerifyTrust
333122c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
333222c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
333322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
333422c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
333522c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
333622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
333722c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
333822c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
333922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
334022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
334122c4.3e28: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
334222c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
334322c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
334422c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
334522c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
334622c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcd68c0000 LB 0x00027000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
334722c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
334822c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcd3050000 LB 0x001b1000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
334922c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
335022c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcd05f0000 LB 0x0006f000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
335122c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
335222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd05f0000 'C:\WINDOWS\System32\MMDevApi.dll'
335322c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fa4 pwszName=\Device\HarddiskVolume4\Windows\System32\dsound.dll
335422c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003762eb0
335522c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003762eb0
335622c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=149E0A5A40CD1471B9EF3D3043A8C754805FEC76
335722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
335822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
335922c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\dsound.dll'
336022c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
336122c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
336222c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
336322c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dsound.dll) WinVerifyTrust
336422c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dsound.dll
336522c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
336622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
336722c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
336822c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
336922c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
337022c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
337122c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
337222c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcc42a0000 LB 0x0008f000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
337322c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
337422c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
337522c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
337622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\System32\dsound.dll'
337722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\System32\dsound.dll'
337822c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
337922c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
338022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
338122c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
338222c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
338322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd05f0000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
338422c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
338522c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
338622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
338722c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fc0 pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv
338822c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003762eb0
338922c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003762eb0
339022c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=47392EB8EC6AC07C788B971D8BB592B6FD619920
339122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
339222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
339322c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv'
339422c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
339522c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
339622c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
339722c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
339822c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
339922c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv) WinVerifyTrust
340022c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
340122c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
340222c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
340322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
340422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
340522c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll) WinVerifyTrust
340622c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll
340722c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
340822c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
340922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
341022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
341122c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
341222c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll) WinVerifyTrust
341322c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll
341422c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
341522c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
341622c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
341722c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
341822c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
341922c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
342022c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
342122c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
342222c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
342322c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
342422c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
342522c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffccfb00000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
342622c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
342722c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcd2060000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
342822c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
342922c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcc75a0000 LB 0x00042000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
343022c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
343122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc75a0000 'C:\WINDOWS\System32\wdmaud.drv'
343222c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
343322c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
343422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc75a0000 'C:\WINDOWS\System32\wdmaud.drv'
343522c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
343622c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
343722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc75a0000 'C:\WINDOWS\System32\wdmaud.drv'
343822c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
343922c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
344022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc75a0000 'C:\WINDOWS\System32\wdmaud.drv'
344122c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
344222c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
344322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc75a0000 'C:\WINDOWS\System32\wdmaud.drv'
344422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
344522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
344622c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
344722c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
344822c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
344922c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'mmdevapi.dll'.
345022c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'avrt.dll'.
345122c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll) WinVerifyTrust
345222c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
345322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
345422c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
345522c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
345622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
345722c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
345822c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
345922c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
346022c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
346122c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
346222c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
346322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
346422c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
346522c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
346622c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
346722c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
346822c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
346922c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
347022c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcryptprimitives.dll'.
347122c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll)
347222c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll
347322c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcd2270000 LB 0x00136000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
347422c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
347522c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcb59e0000 LB 0x00122000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
347622c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
347722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb59e0000 'C:\WINDOWS\System32\AUDIOSES.DLL'
347822c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
347922c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
348022c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
348122c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
348222c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
348322c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
348422c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
348522c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
348622c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
348722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
348822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
348922c4.3e28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WinTypes.dll'
349022c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
349122c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
349222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc75a0000 'C:\WINDOWS\System32\wdmaud.drv'
349322c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
349422c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
349522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc75a0000 'C:\WINDOWS\System32\wdmaud.drv'
349622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc75a0000 'C:\WINDOWS\System32\wdmaud.drv'
349722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc75a0000 'C:\WINDOWS\System32\wdmaud.drv'
349822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc75a0000 'C:\WINDOWS\System32\wdmaud.drv'
349922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc75a0000 'C:\WINDOWS\System32\wdmaud.drv'
350022c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c20 pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv
350122c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003762eb0
350222c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003762eb0
350322c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8069FA07F8A743E03BD7E2DA392DE4429701D8E6
350422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
350522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
350622c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv'
350722c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
350822c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
350922c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
351022c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
351122c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
351222c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv) WinVerifyTrust
351322c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv
351422c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
351522c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
351622c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
351722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
351822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
351922c4.3e28: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'
352022c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
352122c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
352222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
352322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
352422c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
352522c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll) WinVerifyTrust
352622c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll
352722c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
352822c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
352922c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
353022c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
353122c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
353222c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
353322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
353422c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
353522c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
353622c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
353722c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcd3250000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
353822c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
353922c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcd4b20000 LB 0x0000c000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
354022c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
354122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd4b20000 'C:\WINDOWS\System32\msacm32.drv'
354222c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
354322c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
354422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd4b20000 'C:\WINDOWS\System32\msacm32.drv'
354522c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
354622c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
354722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd4b20000 'C:\WINDOWS\System32\msacm32.drv'
354822c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
354922c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
355022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd4b20000 'C:\WINDOWS\System32\msacm32.drv'
355122c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
355222c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
355322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd4b20000 'C:\WINDOWS\System32\msacm32.drv'
355422c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
355522c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
355622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd4b20000 'C:\WINDOWS\System32\msacm32.drv'
355722c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
355822c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
355922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd4b20000 'C:\WINDOWS\System32\msacm32.drv'
356022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd4b20000 'C:\WINDOWS\System32\msacm32.drv'
356122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd4b20000 'C:\WINDOWS\System32\msacm32.drv'
356222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd4b20000 'C:\WINDOWS\System32\msacm32.drv'
356322c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d24 pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll
356422c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003762eb0
356522c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003762eb0
356622c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=725292B88FCE45C617EE0258A333B14CA2D7EF04
356722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
356822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
356922c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll'
357022c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
357122c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
357222c4.3e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
357322c4.3e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll) WinVerifyTrust
357422c4.3e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll
357522c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
357622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
357722c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
357822c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
357922c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
358022c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
358122c4.3e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
358222c4.3e28: supR3HardenedDllNotificationCallback: load 00007ffcd4b10000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
358322c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
358422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd4b10000 'C:\WINDOWS\System32\midimap.dll'
358522c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
358622c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
358722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd4b10000 'C:\WINDOWS\System32\midimap.dll'
358822c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
358922c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
359022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd4b10000 'C:\WINDOWS\System32\midimap.dll'
359122c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
359222c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
359322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd4b10000 'C:\WINDOWS\System32\midimap.dll'
359422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
359522c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
359622c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
359722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
359822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
359922c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
360022c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
360122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcad240000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
360222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
360322c4.1258: '\Device\HarddiskVolume4\Windows\System32\tzres.dll' has no imports
360422c4.1258: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\tzres.dll)
360522c4.1258: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\tzres.dll
360622c4.1258: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000011f4 (hFile=00000000000011e8) with 0xc0000022 -> STATUS_TRUST_FAILURE
360722c4.1258: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
360822c4.1258: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000011e8 (hFile=00000000000011f4) with 0xc0000022 -> STATUS_TRUST_FAILURE
360922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
361022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'coreuicomponents.dll'.
361122c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'coremessaging.dll'.
361222c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll)
361322c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
361422c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
361522c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
361622c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
361722c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll)
361822c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll
361922c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
362022c4.2160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
362122c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll)
362222c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll
362322c4.2160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntmarta.dll)
362422c4.2160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntmarta.dll
362522c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd5870000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
362622c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
362722c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd3b20000 LB 0x000dc000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
362822c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
362922c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcd1c10000 LB 0x002ee000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
363022c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
363122c4.2160: supR3HardenedDllNotificationCallback: load 00007ffcc75f0000 LB 0x00098000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
363222c4.2160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
363322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
363422c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
363522c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
363622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
363722c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
363822c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
363922c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
364022c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
364122c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
364222c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
364322c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
364422c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
364522c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
364622c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
364722c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
364822c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
364922c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume4\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
365022c4.3e28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
365122c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
365222c4.3e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
365322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
365422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
365522c4.3e28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntmarta.dll'
365622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
365722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
365822c4.3e28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll'
365922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
366022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
366122c4.3e28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll'
366222c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
366322c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
366422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
366522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
366622c4.3e28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll'
366722c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011f0 pwszName=\Device\HarddiskVolume4\Windows\System32\tzres.dll
366822c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003762eb0
366922c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003762eb0
367022c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0206821D153D3380EC7FACEFBF7AE60B7B8A2F1D
367122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd5c00000 'C:\WINDOWS\system32\rsaenh.dll'
367222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd76a0000 'C:\WINDOWS\System32\crypt32.dll'
367322c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_587_for_KB4074588~31bf3856ad364e35~amd64~~10.0.1.17.cat'; file='\Device\HarddiskVolume4\Windows\System32\tzres.dll'
367422c4.3e28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
367522c4.3e28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\tzres.dll'
367622c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
367722c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
367822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
367922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
368022c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
368122c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
368222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
368322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
368422c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
368522c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
368622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
368722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
368822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
368922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
369022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
369122c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
369222c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
369322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
369422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
369522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
369622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
369722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
369822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
369922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
370022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
370122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
370222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
370322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
370422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
370522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
370622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
370722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
370822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
370922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
371022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
371122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
371222c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
371322c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
371422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
371522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
371622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
371722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
371822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
371922c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
372022c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
372122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
372222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
372322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
372422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
372522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
372622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
372722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
372822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
372922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
373022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
373122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
373222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
373322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
373422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
373522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
373622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
373722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
373822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
373922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
374022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
374122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
374222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
374322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
374422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
374522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
374622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
374722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
374822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
374922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
375022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
375122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
375222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
375322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
375422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
375522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
375622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
375722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
375822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
375922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
376022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
376122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
376222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
376322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
376422c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
376522c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
376622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
376722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
376822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
376922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
377022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
377122c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
377222c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
377322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
377422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
377522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
377622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
377722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
377822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
377922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
378022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
378122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
378222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
378322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
378422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
378522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
378622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
378722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
378822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
378922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
379022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
379122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
379222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
379322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
379422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
379522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
379622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
379722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
379822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
379922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
380022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
380122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
380222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
380322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
380422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
380522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
380622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
380722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
380822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
380922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
381022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
381122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
381222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
381322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
381422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
381522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
381622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
381722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
381822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
381922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
382022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
382122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
382222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
382322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
382422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
382522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
382622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
382722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
382822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
382922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
383022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
383122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
383222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
383322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
383422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
383522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
383622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
383722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
383822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
383922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
384022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
384122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
384222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
384322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
384422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
384522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
384622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
384722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
384822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
384922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
385022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
385122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
385222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
385322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
385422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
385522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
385622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
385722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
385822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
385922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
386022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
386122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
386222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
386322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
386422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
386522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
386622c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
386722c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
386822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
386922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
387022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
387122c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
387222c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
387322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
387422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
387522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
387622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
387722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
387822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
387922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
388022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
388122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
388222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
388322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
388422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
388522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
388622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
388722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
388822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
388922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
389022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
389122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
389222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
389322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
389422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
389522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
389622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
389722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
389822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
389922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
390022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
390122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
390222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
390322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
390422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
390522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
390622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
390722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
390822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
390922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
391022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
391122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
391222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
391322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
391422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
391522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
391622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
391722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
391822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
391922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
392022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
392122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
392222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
392322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
392422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
392522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
392622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
392722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
392822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
392922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
393022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
393122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
393222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
393322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
393422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
393522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
393622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
393722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
393822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
393922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
394022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
394122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
394222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
394322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
394422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
394522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
394622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
394722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
394822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
394922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
395022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
395122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
395222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
395322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
395422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
395522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
395622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
395722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
395822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
395922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
396022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
396122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
396222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
396322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
396422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
396522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
396622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
396722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
396822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
396922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
397022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
397122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
397222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
397322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
397422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
397522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
397622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
397722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
397822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
397922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
398022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
398122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
398222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
398322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
398422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
398522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
398622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
398722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
398822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
398922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
399022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
399122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
399222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
399322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
399422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
399522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
399622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
399722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
399822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
399922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
400022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
400122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
400222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
400322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
400422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
400522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
400622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
400722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
400822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
400922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
401022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
401122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
401222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
401322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
401422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
401522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
401622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
401722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
401822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
401922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
402022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
402122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
402222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
402322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
402422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
402522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
402622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
402722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
402822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
402922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
403022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
403122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
403222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
403322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
403422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
403522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
403622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
403722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
403822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
403922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
404022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
404122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
404222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
404322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
404422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
404522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
404622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
404722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
404822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
404922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
405022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
405122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
405222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
405322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
405422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
405522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
405622c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcda660000 'C:\WINDOWS\System32\OLEAUT32.DLL'
405722c4.2160: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
405822c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
405922c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd83c0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
406022c4.2160: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
406122c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
406222c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd83c0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
406322c4.2160: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
406422c4.2160: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
406522c4.2160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcda190000 'api-ms-win-core-com-l1-1-0.dll'
406622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
406722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
406822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
406922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
407022c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
407122c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
407222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
407322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
407422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
407522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
407622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
407722c4.3e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
407822c4.3e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
407922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
408022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
408122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
408222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
408322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
408422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
408522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
408622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
408722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
408822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
408922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
409022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
409122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
409222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
409322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
409422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
409522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
409622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
409722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
409822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
409922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
410022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
410122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
410222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
410322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
410422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
410522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
410622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
410722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
410822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
410922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
411022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
411122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
411222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
411322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
411422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
411522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
411622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
411722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
411822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
411922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
412022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
412122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
412222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
412322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
412422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
412522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
412622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
412722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
412822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
412922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
413022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
413122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
413222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
413322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
413422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
413522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
413622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
413722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
413822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
413922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
414022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
414122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
414222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
414322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
414422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
414522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
414622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
414722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
414822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
414922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
415022c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
415122c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
415222c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
415322c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
415422c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
415522c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
415622c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc42a0000 'C:\WINDOWS\system32\dsound.dll'
415722c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
415822c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
415922c4.3e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd3300000 'C:\WINDOWS\System32\winmm.dll'
416022c4.3740: supR3HardenedDllNotificationCallback: Unload 00007ffcc9540000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
416122c4.3624: supR3HardenedDllNotificationCallback: Unload 00007ffcc9550000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
416222c4.291c: supR3HardenedDllNotificationCallback: Unload 00007ffcc9ea0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
416322c4.1578: supR3HardenedDllNotificationCallback: Unload 00007ffccbe30000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
416422c4.24cc: supR3HardenedDllNotificationCallback: Unload 00007ffccc010000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
416522c4.3e28: supR3HardenedDllNotificationCallback: Unload 00007ffcc6630000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
416622c4.3e28: supR3HardenedDllNotificationCallback: Unload 00007ffcc67d0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
416722c4.3e28: supR3HardenedDllNotificationCallback: Unload 00007ffcc67f0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
416822c4.3e28: supR3HardenedDllNotificationCallback: Unload 00007ffcc6a50000 LB 0x0001f000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
416922c4.3e28: supR3HardenedDllNotificationCallback: Unload 00007ffcc6940000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
417022c4.3e28: supR3HardenedDllNotificationCallback: Unload 00007ffc9e410000 LB 0x009c2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
417122c4.3e28: supR3HardenedDllNotificationCallback: Unload 00007ffcc6ff0000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
417222c4.3e28: supR3HardenedDllNotificationCallback: Unload 00007ffcc6810000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy