VirtualBox

Ticket #17697: VBoxHardening.log

File VBoxHardening.log, 422.7 KB (added by blaine, 6 years ago)

VBoxHardening.log

Line 
12aac.1a48: Log file opened: 5.2.12r122591 g_hStartupLog=00000000000001c8 g_uNtVerCombined=0xa03ad700
22aac.1a48: \SystemRoot\System32\ntdll.dll:
32aac.1a48: CreationTime: 2017-12-28T09:42:41.155904300Z
42aac.1a48: LastWriteTime: 2017-09-05T05:26:19.169608500Z
52aac.1a48: ChangeTime: 2018-05-14T02:22:11.988091300Z
62aac.1a48: FileAttributes: 0x20
72aac.1a48: Size: 0x1d7658
82aac.1a48: NT Headers: 0xe0
92aac.1a48: Timestamp: 0x8274fd8b
102aac.1a48: Machine: 0x8664 - amd64
112aac.1a48: Timestamp: 0x8274fd8b
122aac.1a48: Image Version: 10.0
132aac.1a48: SizeOfImage: 0x1db000 (1945600)
142aac.1a48: Resource Dir: 0x170000 LB 0x69448
152aac.1a48: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
162aac.1a48: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
172aac.1a48: ProductName: Microsoft® Windows® Operating System
182aac.1a48: ProductVersion: 10.0.15063.608
192aac.1a48: FileVersion: 10.0.15063.608 (WinBuild.160101.0800)
202aac.1a48: FileDescription: NT Layer DLL
212aac.1a48: \SystemRoot\System32\kernel32.dll:
222aac.1a48: CreationTime: 2018-05-14T02:05:05.550488900Z
232aac.1a48: LastWriteTime: 2018-04-03T05:10:01.391244900Z
242aac.1a48: ChangeTime: 2018-05-14T02:30:04.490153000Z
252aac.1a48: FileAttributes: 0x20
262aac.1a48: Size: 0xad068
272aac.1a48: NT Headers: 0xf8
282aac.1a48: Timestamp: 0xc566ba39
292aac.1a48: Machine: 0x8664 - amd64
302aac.1a48: Timestamp: 0xc566ba39
312aac.1a48: Image Version: 10.0
322aac.1a48: SizeOfImage: 0xae000 (712704)
332aac.1a48: Resource Dir: 0xac000 LB 0x520
342aac.1a48: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
352aac.1a48: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
362aac.1a48: ProductName: Microsoft® Windows® Operating System
372aac.1a48: ProductVersion: 10.0.15063.1058
382aac.1a48: FileVersion: 10.0.15063.1058 (WinBuild.160101.0800)
392aac.1a48: FileDescription: Windows NT BASE API Client DLL
402aac.1a48: \SystemRoot\System32\KernelBase.dll:
412aac.1a48: CreationTime: 2018-04-13T05:17:44.888383700Z
422aac.1a48: LastWriteTime: 2018-03-30T05:26:37.014576400Z
432aac.1a48: ChangeTime: 2018-05-14T02:22:11.930080900Z
442aac.1a48: FileAttributes: 0x20
452aac.1a48: Size: 0x2493f0
462aac.1a48: NT Headers: 0x100
472aac.1a48: Timestamp: 0x8ecb0e
482aac.1a48: Machine: 0x8664 - amd64
492aac.1a48: Timestamp: 0x8ecb0e
502aac.1a48: Image Version: 10.0
512aac.1a48: SizeOfImage: 0x249000 (2396160)
522aac.1a48: Resource Dir: 0x22a000 LB 0x548
532aac.1a48: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
542aac.1a48: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
552aac.1a48: ProductName: Microsoft® Windows® Operating System
562aac.1a48: ProductVersion: 10.0.15063.1029
572aac.1a48: FileVersion: 10.0.15063.1029 (WinBuild.160101.0800)
582aac.1a48: FileDescription: Windows NT BASE API Client DLL
592aac.1a48: \SystemRoot\System32\apisetschema.dll:
602aac.1a48: CreationTime: 2017-03-18T20:57:35.373527900Z
612aac.1a48: LastWriteTime: 2017-03-18T20:57:35.373527900Z
622aac.1a48: ChangeTime: 2017-12-21T19:46:14.124167300Z
632aac.1a48: FileAttributes: 0x20
642aac.1a48: Size: 0x1ada0
652aac.1a48: NT Headers: 0xc0
662aac.1a48: Timestamp: 0x76544b2
672aac.1a48: Machine: 0x8664 - amd64
682aac.1a48: Timestamp: 0x76544b2
692aac.1a48: Image Version: 10.0
702aac.1a48: SizeOfImage: 0x1b000 (110592)
712aac.1a48: Resource Dir: 0x1a000 LB 0x408
722aac.1a48: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
732aac.1a48: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
742aac.1a48: ProductName: Microsoft® Windows® Operating System
752aac.1a48: ProductVersion: 10.0.15063.0
762aac.1a48: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
772aac.1a48: FileDescription: ApiSet Schema DLL
782aac.1a48: NtOpenDirectoryObject failed on \Driver: 0xc0000022
792aac.1a48: supR3HardenedWinFindAdversaries: 0x20083
802aac.1a48: \SystemRoot\System32\drivers\SysPlant.sys:
812aac.1a48: CreationTime: 2017-02-07T07:00:53.205024500Z
822aac.1a48: LastWriteTime: 2018-03-08T04:37:22.992733500Z
832aac.1a48: ChangeTime: 2018-03-08T04:37:22.992733500Z
842aac.1a48: FileAttributes: 0x20
852aac.1a48: Size: 0x30548
862aac.1a48: NT Headers: 0xf0
872aac.1a48: Timestamp: 0x5a1adc8a
882aac.1a48: Machine: 0x8664 - amd64
892aac.1a48: Timestamp: 0x5a1adc8a
902aac.1a48: Image Version: 5.0
912aac.1a48: SizeOfImage: 0x31000 (200704)
922aac.1a48: Resource Dir: 0x2f000 LB 0x49c
932aac.1a48: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
942aac.1a48: [Raw version resource data: 0x2f0b8 LB 0x3e4, codepage 0x4e4 (reserved 0x0)]
952aac.1a48: ProductName: Symantec CMC Firewall
962aac.1a48: ProductVersion: 14.0.3856.1100
972aac.1a48: FileVersion: 14.0.3856.1100
982aac.1a48: FileDescription: Symantec CMC Firewall SysPlant
992aac.1a48: \SystemRoot\System32\sysfer.dll:
1002aac.1a48: CreationTime: 2017-02-07T07:00:53.173800100Z
1012aac.1a48: LastWriteTime: 2018-03-08T04:37:22.992733500Z
1022aac.1a48: ChangeTime: 2018-03-08T04:37:22.992733500Z
1032aac.1a48: FileAttributes: 0x20
1042aac.1a48: Size: 0x7cee8
1052aac.1a48: NT Headers: 0xf8
1062aac.1a48: Timestamp: 0x5a1adc96
1072aac.1a48: Machine: 0x8664 - amd64
1082aac.1a48: Timestamp: 0x5a1adc96
1092aac.1a48: Image Version: 0.0
1102aac.1a48: SizeOfImage: 0x95000 (610304)
1112aac.1a48: Resource Dir: 0x91000 LB 0x490
1122aac.1a48: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1132aac.1a48: [Raw version resource data: 0x910b8 LB 0x3d8, codepage 0x4e4 (reserved 0x0)]
1142aac.1a48: ProductName: Symantec CMC Firewall
1152aac.1a48: ProductVersion: 14.0.3856.1100
1162aac.1a48: FileVersion: 14.0.3856.1100
1172aac.1a48: FileDescription: Symantec CMC Firewall sysfer
1182aac.1a48: \SystemRoot\System32\drivers\symevent64x86.sys:
1192aac.1a48: CreationTime: 2017-02-07T07:01:26.422016700Z
1202aac.1a48: LastWriteTime: 2018-03-07T04:33:59.877082300Z
1212aac.1a48: ChangeTime: 2018-03-08T04:37:24.616695800Z
1222aac.1a48: FileAttributes: 0x20
1232aac.1a48: Size: 0x19098
1242aac.1a48: NT Headers: 0xe0
1252aac.1a48: Timestamp: 0x59fcb42b
1262aac.1a48: Machine: 0x8664 - amd64
1272aac.1a48: Timestamp: 0x59fcb42b
1282aac.1a48: Image Version: 6.2
1292aac.1a48: SizeOfImage: 0x23000 (143360)
1302aac.1a48: Resource Dir: 0x21000 LB 0x3c8
1312aac.1a48: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1322aac.1a48: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
1332aac.1a48: ProductName: SYMEVENT
1342aac.1a48: ProductVersion: 14.0.5.9
1352aac.1a48: FileVersion: 14.0.5.9
1362aac.1a48: FileDescription: Symantec Event Library
1372aac.1a48: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
1382aac.1a48: CreationTime: 2017-11-23T04:25:55.932359500Z
1392aac.1a48: LastWriteTime: 2017-11-23T05:51:57.309569000Z
1402aac.1a48: ChangeTime: 2017-12-21T04:00:29.810996100Z
1412aac.1a48: FileAttributes: 0x20
1422aac.1a48: Size: 0x319c0
1432aac.1a48: NT Headers: 0xe0
1442aac.1a48: Timestamp: 0x5795342f
1452aac.1a48: Machine: 0x8664 - amd64
1462aac.1a48: Timestamp: 0x5795342f
1472aac.1a48: Image Version: 6.1
1482aac.1a48: SizeOfImage: 0x34000 (212992)
1492aac.1a48: Resource Dir: 0x32000 LB 0x3b8
1502aac.1a48: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1512aac.1a48: [Raw version resource data: 0x32060 LB 0x354, codepage 0x0 (reserved 0x0)]
1522aac.1a48: ProductName: Malwarebytes Anti-Malware
1532aac.1a48: ProductVersion: 0.3.0.0
1542aac.1a48: FileVersion: 0.3.0.0
1552aac.1a48: FileDescription: Malwarebytes Anti-Malware
1562aac.1a48: \SystemRoot\System32\drivers\PGDriver.sys:
1572aac.1a48: CreationTime: 2017-08-28T13:45:44.481801100Z
1582aac.1a48: LastWriteTime: 2017-06-22T05:50:20.000000000Z
1592aac.1a48: ChangeTime: 2018-05-24T09:04:08.433217200Z
1602aac.1a48: FileAttributes: 0x20
1612aac.1a48: Size: 0x8490
1622aac.1a48: NT Headers: 0xf8
1632aac.1a48: Timestamp: 0x59394114
1642aac.1a48: Machine: 0x8664 - amd64
1652aac.1a48: Timestamp: 0x59394114
1662aac.1a48: Image Version: 6.3
1672aac.1a48: SizeOfImage: 0xb000 (45056)
1682aac.1a48: Resource Dir: 0x9000 LB 0x430
1692aac.1a48: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1702aac.1a48: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
1712aac.1a48: ProductName: Avecto Defendpoint
1722aac.1a48: ProductVersion: 2017.06.08.1
1732aac.1a48: FileVersion: 2017.06.08.1
1742aac.1a48: SpecialBuild: D
1752aac.1a48: FileDescription: Defendpoint Driver
1762aac.1a48: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1772aac.1a48: Calling main()
1782aac.1a48: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1792aac.1a48: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1802aac.1a48: SUPR3HardenedMain: Respawn #1
1812aac.1a48: System32: \Device\HarddiskVolume4\Windows\System32
1822aac.1a48: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
1832aac.1a48: KnownDllPath: C:\WINDOWS\System32
1842aac.1a48: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1852aac.1a48: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1862aac.1a48: supR3HardNtEnableThreadCreation:
1872aac.1a48: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffab8579ac0 pvNtTerminateThread=00007ffab85a5df0
1882aac.1a48: supR3HardenedWinDoReSpawn(1): New child 1060.47b4 [kernel32].
1892aac.1a48: supR3HardNtChildGatherData: PebBaseAddress=00000000005c1000 cbPeb=0x388
1902aac.1a48: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffab8500000 uNtDllChildAddr=00007ffab8500000
1912aac.1a48: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffab8579ac0
1922aac.1a48: supR3HardenedWinSetupChildInit: Start child.
1932aac.1a48: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
1942aac.1a48: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 61 sleeps
1952aac.1a48: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1962aac.1a48: *0000000000000000-000000000032ffff 0x0001/0x0000 0x0000000
1972aac.1a48: *0000000000330000-000000000034ffff 0x0004/0x0004 0x0020000
1982aac.1a48: *0000000000350000-0000000000367fff 0x0002/0x0002 0x0040000
1992aac.1a48: 0000000000368000-000000000036ffff 0x0001/0x0000 0x0000000
2002aac.1a48: *0000000000370000-0000000000373fff 0x0002/0x0002 0x0040000
2012aac.1a48: 0000000000374000-000000000037ffff 0x0001/0x0000 0x0000000
2022aac.1a48: *0000000000380000-0000000000380fff 0x0004/0x0004 0x0020000
2032aac.1a48: 0000000000381000-000000000038ffff 0x0001/0x0000 0x0000000
2042aac.1a48: *0000000000390000-0000000000390fff 0x0004/0x0004 0x0020000
2052aac.1a48: 0000000000391000-00000000003fffff 0x0001/0x0000 0x0000000
2062aac.1a48: *0000000000400000-00000000005c0fff 0x0000/0x0004 0x0020000
2072aac.1a48: 00000000005c1000-00000000005c3fff 0x0004/0x0004 0x0020000
2082aac.1a48: 00000000005c4000-00000000005fffff 0x0000/0x0004 0x0020000
2092aac.1a48: *0000000000600000-00000000006fafff 0x0000/0x0004 0x0020000
2102aac.1a48: 00000000006fb000-00000000006fdfff 0x0104/0x0004 0x0020000
2112aac.1a48: 00000000006fe000-00000000006fffff 0x0004/0x0004 0x0020000
2122aac.1a48: 0000000000700000-000000007ffdffff 0x0001/0x0000 0x0000000
2132aac.1a48: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2142aac.1a48: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2152aac.1a48: 000000007fff0000-00007ff6e5b4ffff 0x0001/0x0000 0x0000000
2162aac.1a48: *00007ff6e5b50000-00007ff6e5b72fff 0x0002/0x0002 0x0040000
2172aac.1a48: 00007ff6e5b73000-00007ff6e60effff 0x0001/0x0000 0x0000000
2182aac.1a48: *00007ff6e60f0000-00007ff6e60f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2192aac.1a48: 00007ff6e60f1000-00007ff6e6161fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2202aac.1a48: 00007ff6e6162000-00007ff6e6162fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2212aac.1a48: 00007ff6e6163000-00007ff6e61a8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2222aac.1a48: 00007ff6e61a9000-00007ff6e61a9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2232aac.1a48: 00007ff6e61aa000-00007ff6e61aafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2242aac.1a48: 00007ff6e61ab000-00007ff6e61affff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2252aac.1a48: 00007ff6e61b0000-00007ff6e61b0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2262aac.1a48: 00007ff6e61b1000-00007ff6e61b1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2272aac.1a48: 00007ff6e61b2000-00007ff6e61b5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2282aac.1a48: 00007ff6e61b6000-00007ff6e61fdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2292aac.1a48: 00007ff6e61fe000-00007ffab84fffff 0x0001/0x0000 0x0000000
2302aac.1a48: *00007ffab8500000-00007ffab8500fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2312aac.1a48: 00007ffab8501000-00007ffab860ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2322aac.1a48: 00007ffab8610000-00007ffab8654fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2332aac.1a48: 00007ffab8655000-00007ffab865afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2342aac.1a48: 00007ffab865b000-00007ffab865bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2352aac.1a48: 00007ffab865c000-00007ffab865cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2362aac.1a48: 00007ffab865d000-00007ffab866afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2372aac.1a48: 00007ffab866b000-00007ffab866bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2382aac.1a48: 00007ffab866c000-00007ffab866efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2392aac.1a48: 00007ffab866f000-00007ffab86dafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2402aac.1a48: 00007ffab86db000-00007ffffffdffff 0x0001/0x0000 0x0000000
2412aac.1a48: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
2422aac.1a48: VirtualBox.exe: timestamp 0x5af2c2c3 (rc=VINF_SUCCESS)
2432aac.1a48: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2442aac.1a48: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
2452aac.1a48: supR3HardNtChildPurify: Done after 571 ms and 0 fixes (loop #0).
2462aac.1a48: supR3HardNtEnableThreadCreation:
2471060.47b4: Log file opened: 5.2.12r122591 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
2481060.47b4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffab8500000 g_uNtVerCombined=0xa03ad700
2491060.47b4: ntdll.dll: timestamp 0x8274fd8b (rc=VINF_SUCCESS)
2501060.47b4: New simple heap: #1 0000000000800000 LB 0x400000 (for 1945600 allocation)
2511060.47b4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2521060.47b4: System32: \Device\HarddiskVolume4\Windows\System32
2531060.47b4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
2541060.47b4: KnownDllPath: C:\WINDOWS\System32
2551060.47b4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2561060.47b4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2571060.47b4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2581060.47b4: Registered Dll notification callback with NTDLL.
2591060.47b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
2601060.47b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
2611060.47b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
2621060.47b4: supR3HardenedDllNotificationCallback: load 00007ffab5810000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
2631060.47b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
2641060.47b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
2651060.47b4: supR3HardenedDllNotificationCallback: load 00007ffab81d0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
2661060.47b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2671060.47b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab81d0000 'C:\WINDOWS\System32\KERNEL32.DLL'
2681060.47b4: supR3HardenedDllNotificationCallback: load 00007ff6e60f0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
2691060.47b4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2701060.47b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2711060.47b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2721060.47b4: supR3HardenedMonitor_LdrLoadDll: Refusing to load 'C:\Program Files\Avecto\Privilege Guard Client\PGHook.dll' as it is expected to create undesirable threads that will upset our respawn checks (returning STATUS_TOO_MANY_THREADS)
2731060.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2741060.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
2751060.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dnsapi.dll'.
2761060.47b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll)
2771060.47b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll
2781060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'...
2791060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008]
2801060.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ws2_32.dll'.
2811060.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'nsi.dll'.
2821060.47b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dnsapi.dll)
2831060.47b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dnsapi.dll
2841060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2851060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2861060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'secur32.dll'.
2871060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
2881060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2891060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
2901060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
2911060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2921060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
2931060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr120.dll'.
2941060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'msvcp120.dll'.
2951060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
2961060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Manufacturer\Endpoint Agent\prntm64.dll)
2971060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Manufacturer\Endpoint Agent\prntm64.dll
2981060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2991060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3001060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3011060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
3021060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
3031060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
3041060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
3051060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp120.dll'...
3061060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp120.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp120.dll' [rcNtRedir=0xc0150008]
3071060.34a4: \Device\HarddiskVolume4\Windows\System32\msvcp120.dll: Owner is administrators group.
3081060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr120.dll'.
3091060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp120.dll)
3101060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp120.dll
3111060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr120.dll'...
3121060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr120.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcr120.dll' [rcNtRedir=0xc0150008]
3131060.34a4: \Device\HarddiskVolume4\Windows\System32\msvcr120.dll: Owner is administrators group.
3141060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcr120.dll)
3151060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcr120.dll
3161060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3171060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3181060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
3191060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
3201060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
3211060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll)
3221060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
3231060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3241060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3251060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'.
3261060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
3271060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
3281060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
3291060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll)
3301060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
3311060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
3321060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
3331060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3341060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcrypt.dll'.
3351060.34a4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\winspool.drv)
3361060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv
3371060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3381060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3391060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
3401060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
3411060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3421060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3431060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
3441060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
3451060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
3461060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
3471060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
3481060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
3491060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
3501060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
3511060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
3521060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
3531060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
3541060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'secur32.dll'...
3551060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'secur32.dll' -> '\Device\HarddiskVolume4\Windows\System32\secur32.dll' [rcNtRedir=0xc0150008]
3561060.34a4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\secur32.dll)
3571060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\secur32.dll
3581060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
3591060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
3601060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
3611060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
3621060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3631060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3641060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
3651060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll)
3661060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
3671060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3681060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3691060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
3701060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
3711060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3721060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3731060.34a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
3741060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3751060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3761060.34a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
3771060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3781060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3791060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
3801060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
3811060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3821060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3831060.34a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
3841060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
3851060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
3861060.34a4: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
3871060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
3881060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
3891060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
3901060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
3911060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
3921060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
3931060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3941060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3951060.34a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
3961060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
3971060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
3981060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
3991060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'bcryptprimitives.dll'.
4001060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
4011060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
4021060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
4031060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
4041060.34a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
4051060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
4061060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
4071060.34a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
4081060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4091060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4101060.34a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4111060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4121060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4131060.34a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4141060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
4151060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
4161060.34a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
4171060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
4181060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
4191060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
4201060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
4211060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr120.dll'...
4221060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr120.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcr120.dll' [rcNtRedir=0xc0150008]
4231060.34a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcr120.dll [lacks WinVerifyTrust]
4241060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4251060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4261060.34a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4271060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
4281060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
4291060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
4301060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
4311060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
4321060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4331060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4341060.34a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4351060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4361060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4371060.34a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4381060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
4391060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
4401060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
4411060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
4421060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4431060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4441060.34a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4451060.34a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Manufacturer\Endpoint Agent\prntm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4461060.34a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Manufacturer\Endpoint Agent\prntm64.dll [lacks WinVerifyTrust]
4471060.34a4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\secur32.dll [lacks WinVerifyTrust]
4481060.34a4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [lacks WinVerifyTrust]
4491060.34a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcr120.dll [lacks WinVerifyTrust]
4501060.34a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp120.dll [lacks WinVerifyTrust]
4511060.34a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4521060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
4531060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sspicli.dll)
4541060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sspicli.dll
4551060.34a4: supR3HardenedDllNotificationCallback: load 00007ffaa9c30000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\Secur32.dll [fFlags=0x0]
4561060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\secur32.dll [lacks WinVerifyTrust]
4571060.34a4: supR3HardenedDllNotificationCallback: load 00007ffab7c60000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
4581060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4591060.34a4: supR3HardenedDllNotificationCallback: load 00007ffab55a0000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
4601060.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4611060.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'user32.dll'.
4621060.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #69 'gdi32.dll'.
4631060.47b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
4641060.47b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
4651060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
4661060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
4671060.47b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
4681060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
4691060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
4701060.47b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
4711060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
4721060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
4731060.47b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
4741060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4751060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4761060.47b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4771060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4781060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4791060.47b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4801060.47b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\QIPCAP64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4811060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
4821060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
4831060.34a4: supR3HardenedDllNotificationCallback: load 00007ffab5ac0000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
4841060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4851060.34a4: supR3HardenedDllNotificationCallback: load 00007ffab4c10000 LB 0x0006a000 C:\WINDOWS\System32\bcryptPrimitives.dll [fFlags=0x0]
4861060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
4871060.34a4: supR3HardenedDllNotificationCallback: load 00007ffab5f20000 LB 0x002f9000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
4881060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
4891060.34a4: supR3HardenedDllNotificationCallback: load 00007ffab56a0000 LB 0x0009a000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
4901060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
4911060.34a4: supR3HardenedDllNotificationCallback: load 00007ffab5740000 LB 0x0001e000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
4921060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
4931060.34a4: supR3HardenedDllNotificationCallback: load 00007ffab7770000 LB 0x0014a000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
4941060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
4951060.34a4: supR3HardenedDllNotificationCallback: load 00007ffab4a20000 LB 0x00187000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
4961060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
4971060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'gdi32.dll'.
4981060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
4991060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'win32u.dll'.
5001060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
5011060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
5021060.34a4: supR3HardenedDllNotificationCallback: load 00007ffab7d00000 LB 0x00027000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
5031060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
5041060.34a4: supR3HardenedDllNotificationCallback: load 00007ffab5bf0000 LB 0x00051000 C:\WINDOWS\System32\SHLWAPI.dll [fFlags=0x0]
5051060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
5061060.34a4: supR3HardenedDllNotificationCallback: load 00007ffab4530000 LB 0x00025000 C:\WINDOWS\SYSTEM32\bcrypt.dll [fFlags=0x0]
5071060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5081060.34a4: supR3HardenedDllNotificationCallback: load 00007ffaabcb0000 LB 0x0008a000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
5091060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [lacks WinVerifyTrust]
5101060.34a4: supR3HardenedDllNotificationCallback: load 00007ffab7c00000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
5111060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
5121060.34a4: supR3HardenedDllNotificationCallback: load 00007ffab7ab0000 LB 0x00145000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
5131060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll [lacks WinVerifyTrust]
5141060.34a4: supR3HardenedDllNotificationCallback: load 00007ffab76b0000 LB 0x000c0000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
5151060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll [lacks WinVerifyTrust]
5161060.34a4: supR3HardenedDllNotificationCallback: load 00007ffaaec10000 LB 0x000ef000 C:\WINDOWS\SYSTEM32\MSVCR120.dll [fFlags=0x0]
5171060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcr120.dll [lacks WinVerifyTrust]
5181060.34a4: supR3HardenedDllNotificationCallback: load 00007ffaae030000 LB 0x000a6000 C:\WINDOWS\SYSTEM32\MSVCP120.dll [fFlags=0x0]
5191060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp120.dll [lacks WinVerifyTrust]
5201060.34a4: supR3HardenedDllNotificationCallback: load 00007ffab78f0000 LB 0x000a1000 C:\WINDOWS\System32\ADVAPI32.dll [fFlags=0x0]
5211060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
5221060.34a4: supR3HardenedDllNotificationCallback: load 00007ffab48a0000 LB 0x00030000 C:\WINDOWS\SYSTEM32\SSPICLI.DLL [fFlags=0x0]
5231060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sspicli.dll [lacks WinVerifyTrust]
5241060.34a4: supR3HardenedDllNotificationCallback: load 00007ffa91e10000 LB 0x0006a000 C:\Program Files\Manufacturer\Endpoint Agent\prntm64.dll [fFlags=0x0]
5251060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Manufacturer\Endpoint Agent\prntm64.dll [lacks WinVerifyTrust]
5261060.34a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
5271060.34a4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5281060.34a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-synch-l1-2-0'
5291060.34a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
5301060.34a4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5311060.34a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-fibers-l1-1-1'
5321060.34a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
5331060.34a4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5341060.34a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-fibers-l1-1-1'
5351060.34a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
5361060.34a4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5371060.34a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-synch-l1-2-0'
5381060.34a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
5391060.34a4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5401060.34a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-localization-l1-2-1'
5411060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5421060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
5431060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
5441060.34a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
5451060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
5461060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
5471060.34a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
5481060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
5491060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
5501060.34a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
5511060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
5521060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
5531060.34a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
5541060.34a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5551060.34a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab81d0000 'C:\WINDOWS\System32\kernel32.dll'
5561060.34a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
5571060.34a4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5581060.34a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-string-l1-1-0'
5591060.34a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
5601060.34a4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5611060.34a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-datetime-l1-1-1'
5621060.34a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
5631060.34a4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5641060.34a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-localization-obsolete-l1-2-0'
5651060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
5661060.34a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'win32u.dll'.
5671060.34a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
5681060.34a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
5691060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
5701060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
5711060.34a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
5721060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
5731060.34a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
5741060.34a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
5751060.34a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
5761060.34a4: supR3HardenedDllNotificationCallback: load 00007ffab6220000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
5771060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust]
5781060.34a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab6220000 'C:\WINDOWS\system32\IMM32.DLL'
5791060.34a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5801060.34a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5811060.34a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab81d0000 'C:\WINDOWS\System32\kernel32.dll'
5821060.34a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa91e10000 'C:\Program Files\Manufacturer\Endpoint Agent\prntm64.dll'
5831060.47b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
5841060.47b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
5851060.47b4: supR3HardenedDllNotificationCallback: load 00007ffab5550000 LB 0x00049000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
5861060.47b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
5871060.47b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
5881060.47b4: supR3HardenedDllNotificationCallback: load 00007ffab5df0000 LB 0x000aa000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
5891060.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5901060.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'.
5911060.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'.
5921060.47b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
5931060.47b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
5941060.47b4: supR3HardenedDllNotificationCallback: load 00007ffab4990000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
5951060.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
5961060.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
5971060.47b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
5981060.47b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
5991060.47b4: supR3HardenedDllNotificationCallback: load 00007ffab49d0000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
6001060.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
6011060.47b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
6021060.47b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
6031060.47b4: supR3HardenedDllNotificationCallback: load 00007ffab49b0000 LB 0x00015000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
6041060.47b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
6051060.47b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
6061060.47b4: supR3HardenedDllNotificationCallback: load 00007ffab4e50000 LB 0x006f1000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
6071060.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6081060.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
6091060.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
6101060.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'profapi.dll'.
6111060.47b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
6121060.47b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
6131060.47b4: supR3HardenedDllNotificationCallback: load 00007ffab6250000 LB 0x01438000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
6141060.47b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
6151060.47b4: supR3HardenedDllNotificationCallback: load 00007ffab8490000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
6161060.47b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll [lacks WinVerifyTrust]
6171060.47b4: supR3HardenedDllNotificationCallback: load 00007ffab78e0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
6181060.47b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
6191060.47b4: supR3HardenedDllNotificationCallback: load 00007ffab4060000 LB 0x000a4000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0]
6201060.47b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
6211060.47b4: supR3HardenedDllNotificationCallback: load 0000000068000000 LB 0x0005e000 C:\WINDOWS\System32\QIPCAP64.dll [fFlags=0x0]
6221060.47b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
6231060.47b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL)
6241060.47b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
6251060.47b4: supR3HardenedDllNotificationCallback: load 00007ffab4020000 LB 0x00037000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
6261060.47b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL [lacks WinVerifyTrust]
6271060.47b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000068000000 'C:\WINDOWS\System32\QIPCAP64.dll'
6281060.47b4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffab8579ac0 pvNtTerminateThread=00007ffab85a5df0
6292aac.1a48: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 598 ms.
6301060.47b4: \SystemRoot\System32\ntdll.dll:
6311060.47b4: CreationTime: 2017-12-28T09:42:41.155904300Z
6321060.47b4: LastWriteTime: 2017-09-05T05:26:19.169608500Z
6331060.47b4: ChangeTime: 2018-05-14T02:22:11.988091300Z
6341060.47b4: FileAttributes: 0x20
6351060.47b4: Size: 0x1d7658
6361060.47b4: NT Headers: 0xe0
6371060.47b4: Timestamp: 0x8274fd8b
6381060.47b4: Machine: 0x8664 - amd64
6391060.47b4: Timestamp: 0x8274fd8b
6401060.47b4: Image Version: 10.0
6411060.47b4: SizeOfImage: 0x1db000 (1945600)
6421060.47b4: Resource Dir: 0x170000 LB 0x69448
6431060.47b4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
6441060.47b4: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
6451060.47b4: ProductName: Microsoft® Windows® Operating System
6461060.47b4: ProductVersion: 10.0.15063.608
6471060.47b4: FileVersion: 10.0.15063.608 (WinBuild.160101.0800)
6481060.47b4: FileDescription: NT Layer DLL
6491060.47b4: \SystemRoot\System32\kernel32.dll:
6501060.47b4: CreationTime: 2018-05-14T02:05:05.550488900Z
6511060.47b4: LastWriteTime: 2018-04-03T05:10:01.391244900Z
6521060.47b4: ChangeTime: 2018-05-14T02:30:04.490153000Z
6531060.47b4: FileAttributes: 0x20
6541060.47b4: Size: 0xad068
6551060.47b4: NT Headers: 0xf8
6561060.47b4: Timestamp: 0xc566ba39
6571060.47b4: Machine: 0x8664 - amd64
6581060.47b4: Timestamp: 0xc566ba39
6591060.47b4: Image Version: 10.0
6601060.47b4: SizeOfImage: 0xae000 (712704)
6611060.47b4: Resource Dir: 0xac000 LB 0x520
6621060.47b4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6631060.47b4: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
6641060.47b4: ProductName: Microsoft® Windows® Operating System
6651060.47b4: ProductVersion: 10.0.15063.1058
6661060.47b4: FileVersion: 10.0.15063.1058 (WinBuild.160101.0800)
6671060.47b4: FileDescription: Windows NT BASE API Client DLL
6681060.47b4: \SystemRoot\System32\KernelBase.dll:
6691060.47b4: CreationTime: 2018-04-13T05:17:44.888383700Z
6701060.47b4: LastWriteTime: 2018-03-30T05:26:37.014576400Z
6711060.47b4: ChangeTime: 2018-05-14T02:22:11.930080900Z
6721060.47b4: FileAttributes: 0x20
6731060.47b4: Size: 0x2493f0
6741060.47b4: NT Headers: 0x100
6751060.47b4: Timestamp: 0x8ecb0e
6761060.47b4: Machine: 0x8664 - amd64
6771060.47b4: Timestamp: 0x8ecb0e
6781060.47b4: Image Version: 10.0
6791060.47b4: SizeOfImage: 0x249000 (2396160)
6801060.47b4: Resource Dir: 0x22a000 LB 0x548
6811060.47b4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6821060.47b4: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
6831060.47b4: ProductName: Microsoft® Windows® Operating System
6841060.47b4: ProductVersion: 10.0.15063.1029
6851060.47b4: FileVersion: 10.0.15063.1029 (WinBuild.160101.0800)
6861060.47b4: FileDescription: Windows NT BASE API Client DLL
6871060.47b4: \SystemRoot\System32\apisetschema.dll:
6881060.47b4: CreationTime: 2017-03-18T20:57:35.373527900Z
6891060.47b4: LastWriteTime: 2017-03-18T20:57:35.373527900Z
6901060.47b4: ChangeTime: 2017-12-21T19:46:14.124167300Z
6911060.47b4: FileAttributes: 0x20
6921060.47b4: Size: 0x1ada0
6931060.47b4: NT Headers: 0xc0
6941060.47b4: Timestamp: 0x76544b2
6951060.47b4: Machine: 0x8664 - amd64
6961060.47b4: Timestamp: 0x76544b2
6971060.47b4: Image Version: 10.0
6981060.47b4: SizeOfImage: 0x1b000 (110592)
6991060.47b4: Resource Dir: 0x1a000 LB 0x408
7001060.47b4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7011060.47b4: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
7021060.47b4: ProductName: Microsoft® Windows® Operating System
7031060.47b4: ProductVersion: 10.0.15063.0
7041060.47b4: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
7051060.47b4: FileDescription: ApiSet Schema DLL
7061060.47b4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7071060.47b4: supR3HardenedWinFindAdversaries: 0x20083
7081060.47b4: \SystemRoot\System32\drivers\SysPlant.sys:
7091060.47b4: CreationTime: 2017-02-07T07:00:53.205024500Z
7101060.47b4: LastWriteTime: 2018-03-08T04:37:22.992733500Z
7111060.47b4: ChangeTime: 2018-03-08T04:37:22.992733500Z
7121060.47b4: FileAttributes: 0x20
7131060.47b4: Size: 0x30548
7141060.47b4: NT Headers: 0xf0
7151060.47b4: Timestamp: 0x5a1adc8a
7161060.47b4: Machine: 0x8664 - amd64
7171060.47b4: Timestamp: 0x5a1adc8a
7181060.47b4: Image Version: 5.0
7191060.47b4: SizeOfImage: 0x31000 (200704)
7201060.47b4: Resource Dir: 0x2f000 LB 0x49c
7211060.47b4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7221060.47b4: [Raw version resource data: 0x2f0b8 LB 0x3e4, codepage 0x4e4 (reserved 0x0)]
7231060.47b4: ProductName: Symantec CMC Firewall
7241060.47b4: ProductVersion: 14.0.3856.1100
7251060.47b4: FileVersion: 14.0.3856.1100
7261060.47b4: FileDescription: Symantec CMC Firewall SysPlant
7271060.47b4: \SystemRoot\System32\sysfer.dll:
7281060.47b4: CreationTime: 2017-02-07T07:00:53.173800100Z
7291060.47b4: LastWriteTime: 2018-03-08T04:37:22.992733500Z
7301060.47b4: ChangeTime: 2018-03-08T04:37:22.992733500Z
7311060.47b4: FileAttributes: 0x20
7321060.47b4: Size: 0x7cee8
7331060.47b4: NT Headers: 0xf8
7341060.47b4: Timestamp: 0x5a1adc96
7351060.47b4: Machine: 0x8664 - amd64
7361060.47b4: Timestamp: 0x5a1adc96
7371060.47b4: Image Version: 0.0
7381060.47b4: SizeOfImage: 0x95000 (610304)
7391060.47b4: Resource Dir: 0x91000 LB 0x490
7401060.47b4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7411060.47b4: [Raw version resource data: 0x910b8 LB 0x3d8, codepage 0x4e4 (reserved 0x0)]
7421060.47b4: ProductName: Symantec CMC Firewall
7431060.47b4: ProductVersion: 14.0.3856.1100
7441060.47b4: FileVersion: 14.0.3856.1100
7451060.47b4: FileDescription: Symantec CMC Firewall sysfer
7461060.47b4: \SystemRoot\System32\drivers\symevent64x86.sys:
7471060.47b4: CreationTime: 2017-02-07T07:01:26.422016700Z
7481060.47b4: LastWriteTime: 2018-03-07T04:33:59.877082300Z
7491060.47b4: ChangeTime: 2018-03-08T04:37:24.616695800Z
7501060.47b4: FileAttributes: 0x20
7511060.47b4: Size: 0x19098
7521060.47b4: NT Headers: 0xe0
7531060.47b4: Timestamp: 0x59fcb42b
7541060.47b4: Machine: 0x8664 - amd64
7551060.47b4: Timestamp: 0x59fcb42b
7561060.47b4: Image Version: 6.2
7571060.47b4: SizeOfImage: 0x23000 (143360)
7581060.47b4: Resource Dir: 0x21000 LB 0x3c8
7591060.47b4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7601060.47b4: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
7611060.47b4: ProductName: SYMEVENT
7621060.47b4: ProductVersion: 14.0.5.9
7631060.47b4: FileVersion: 14.0.5.9
7641060.47b4: FileDescription: Symantec Event Library
7651060.47b4: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
7661060.47b4: CreationTime: 2017-11-23T04:25:55.932359500Z
7671060.47b4: LastWriteTime: 2017-11-23T05:51:57.309569000Z
7681060.47b4: ChangeTime: 2017-12-21T04:00:29.810996100Z
7691060.47b4: FileAttributes: 0x20
7701060.47b4: Size: 0x319c0
7711060.47b4: NT Headers: 0xe0
7721060.47b4: Timestamp: 0x5795342f
7731060.47b4: Machine: 0x8664 - amd64
7741060.47b4: Timestamp: 0x5795342f
7751060.47b4: Image Version: 6.1
7761060.47b4: SizeOfImage: 0x34000 (212992)
7771060.47b4: Resource Dir: 0x32000 LB 0x3b8
7781060.47b4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7791060.47b4: [Raw version resource data: 0x32060 LB 0x354, codepage 0x0 (reserved 0x0)]
7801060.47b4: ProductName: Malwarebytes Anti-Malware
7811060.47b4: ProductVersion: 0.3.0.0
7821060.47b4: FileVersion: 0.3.0.0
7831060.47b4: FileDescription: Malwarebytes Anti-Malware
7841060.47b4: \SystemRoot\System32\drivers\PGDriver.sys:
7851060.47b4: CreationTime: 2017-08-28T13:45:44.481801100Z
7861060.47b4: LastWriteTime: 2017-06-22T05:50:20.000000000Z
7871060.47b4: ChangeTime: 2018-05-24T09:04:08.433217200Z
7881060.47b4: FileAttributes: 0x20
7891060.47b4: Size: 0x8490
7901060.47b4: NT Headers: 0xf8
7911060.47b4: Timestamp: 0x59394114
7921060.47b4: Machine: 0x8664 - amd64
7931060.47b4: Timestamp: 0x59394114
7941060.47b4: Image Version: 6.3
7951060.47b4: SizeOfImage: 0xb000 (45056)
7961060.47b4: Resource Dir: 0x9000 LB 0x430
7971060.47b4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7981060.47b4: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
7991060.47b4: ProductName: Avecto Defendpoint
8001060.47b4: ProductVersion: 2017.06.08.1
8011060.47b4: FileVersion: 2017.06.08.1
8021060.47b4: SpecialBuild: D
8031060.47b4: FileDescription: Defendpoint Driver
8041060.47b4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
8051060.47b4: Calling main()
8061060.47b4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
8071060.47b4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
8081060.47b4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
8091060.47b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
8101060.47b4: SUPR3HardenedMain: Respawn #2
8111060.47b4: supR3HardNtEnableThreadCreation:
8121060.47b4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
8131060.47b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
8141060.47b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
8151060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
8161060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
8171060.47b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll [lacks WinVerifyTrust]
8181060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
8191060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
8201060.47b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
8211060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8221060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8231060.47b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8241060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8251060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8261060.47b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8271060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8281060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8291060.47b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8301060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8311060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8321060.47b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8331060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8341060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8351060.47b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8361060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
8371060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
8381060.47b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
8391060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8401060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8411060.47b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8421060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8431060.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8441060.47b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8451060.47b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8461060.47b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab8500000 'C:\WINDOWS\System32\ntdll.dll'
8471060.47b4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffab8579ac0 pvNtTerminateThread=00007ffab85a5df0
8481060.47b4: supR3HardenedWinDoReSpawn(2): New child 4fb4.4f20 [kernel32].
8491060.47b4: supR3HardNtChildGatherData: PebBaseAddress=0000000000948000 cbPeb=0x388
8501060.47b4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffab8500000 uNtDllChildAddr=00007ffab8500000
8511060.47b4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffab8579ac0
8521060.47b4: supR3HardenedWinSetupChildInit: Start child.
8531060.47b4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
8541060.47b4: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 61 sleeps
8551060.47b4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
8561060.47b4: *0000000000000000-000000000069ffff 0x0001/0x0000 0x0000000
8571060.47b4: *00000000006a0000-00000000006bffff 0x0004/0x0004 0x0020000
8581060.47b4: *00000000006c0000-00000000006d7fff 0x0002/0x0002 0x0040000
8591060.47b4: 00000000006d8000-00000000006dffff 0x0001/0x0000 0x0000000
8601060.47b4: *00000000006e0000-00000000007dafff 0x0000/0x0004 0x0020000
8611060.47b4: 00000000007db000-00000000007ddfff 0x0104/0x0004 0x0020000
8621060.47b4: 00000000007de000-00000000007dffff 0x0004/0x0004 0x0020000
8631060.47b4: *00000000007e0000-00000000007e3fff 0x0002/0x0002 0x0040000
8641060.47b4: 00000000007e4000-00000000007effff 0x0001/0x0000 0x0000000
8651060.47b4: *00000000007f0000-00000000007f0fff 0x0004/0x0004 0x0020000
8661060.47b4: 00000000007f1000-00000000007fffff 0x0001/0x0000 0x0000000
8671060.47b4: *0000000000800000-0000000000947fff 0x0000/0x0004 0x0020000
8681060.47b4: 0000000000948000-000000000094afff 0x0004/0x0004 0x0020000
8691060.47b4: 000000000094b000-00000000009fffff 0x0000/0x0004 0x0020000
8701060.47b4: *0000000000a00000-0000000000a00fff 0x0004/0x0004 0x0020000
8711060.47b4: 0000000000a01000-000000007ffdffff 0x0001/0x0000 0x0000000
8721060.47b4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
8731060.47b4: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
8741060.47b4: 000000007fff0000-00007ff6e57cffff 0x0001/0x0000 0x0000000
8751060.47b4: *00007ff6e57d0000-00007ff6e57f2fff 0x0002/0x0002 0x0040000
8761060.47b4: 00007ff6e57f3000-00007ff6e60effff 0x0001/0x0000 0x0000000
8771060.47b4: *00007ff6e60f0000-00007ff6e60f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8781060.47b4: 00007ff6e60f1000-00007ff6e6161fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8791060.47b4: 00007ff6e6162000-00007ff6e6162fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8801060.47b4: 00007ff6e6163000-00007ff6e61a8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8811060.47b4: 00007ff6e61a9000-00007ff6e61a9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8821060.47b4: 00007ff6e61aa000-00007ff6e61aafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8831060.47b4: 00007ff6e61ab000-00007ff6e61affff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8841060.47b4: 00007ff6e61b0000-00007ff6e61b0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8851060.47b4: 00007ff6e61b1000-00007ff6e61b1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8861060.47b4: 00007ff6e61b2000-00007ff6e61b5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8871060.47b4: 00007ff6e61b6000-00007ff6e61fdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8881060.47b4: 00007ff6e61fe000-00007ffab84fffff 0x0001/0x0000 0x0000000
8891060.47b4: *00007ffab8500000-00007ffab8500fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
8901060.47b4: 00007ffab8501000-00007ffab860ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
8911060.47b4: 00007ffab8610000-00007ffab8654fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
8921060.47b4: 00007ffab8655000-00007ffab865afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
8931060.47b4: 00007ffab865b000-00007ffab865bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
8941060.47b4: 00007ffab865c000-00007ffab865cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
8951060.47b4: 00007ffab865d000-00007ffab866afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
8961060.47b4: 00007ffab866b000-00007ffab866bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
8971060.47b4: 00007ffab866c000-00007ffab866efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
8981060.47b4: 00007ffab866f000-00007ffab86dafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
8991060.47b4: 00007ffab86db000-00007ffffffdffff 0x0001/0x0000 0x0000000
9001060.47b4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
9011060.47b4: VirtualBox.exe: timestamp 0x5af2c2c3 (rc=VINF_SUCCESS)
9021060.47b4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
9031060.47b4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
9041060.47b4: supR3HardNtChildPurify: Done after 578 ms and 0 fixes (loop #0).
9051060.47b4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000800000 LB 0x400000)
9061060.47b4: supR3HardNtEnableThreadCreation:
9074fb4.4f20: Log file opened: 5.2.12r122591 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
9084fb4.4f20: supR3HardenedVmProcessInit: uNtDllAddr=00007ffab8500000 g_uNtVerCombined=0xa03ad700
9094fb4.4f20: ntdll.dll: timestamp 0x8274fd8b (rc=VINF_SUCCESS)
9104fb4.4f20: New simple heap: #1 0000000000b10000 LB 0x400000 (for 1945600 allocation)
9114fb4.4f20: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
9124fb4.4f20: System32: \Device\HarddiskVolume4\Windows\System32
9134fb4.4f20: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
9144fb4.4f20: KnownDllPath: C:\WINDOWS\System32
9154fb4.4f20: supR3HardenedVmProcessInit: Opening vboxdrv...
9164fb4.4f20: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
9174fb4.4f20: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
9184fb4.4f20: Registered Dll notification callback with NTDLL.
9194fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
9204fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
9214fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
9224fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab5810000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
9234fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
9244fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
9254fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab81d0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
9264fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
9274fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab81d0000 'C:\WINDOWS\System32\KERNEL32.DLL'
9284fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ff6e60f0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
9294fb4.4f20: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
9304fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
9314fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
9324fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Avecto\Privilege Guard Client\PGHook.dll)
9334fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Avecto\Privilege Guard Client\PGHook.dll
9344fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Avecto\Privilege Guard Client\PGHook.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9354fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Avecto\Privilege Guard Client\PGHook.dll [lacks WinVerifyTrust]
9364fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab3940000 LB 0x0016b000 C:\Program Files\Avecto\Privilege Guard Client\PGHook.dll [fFlags=0x0]
9374fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Avecto\Privilege Guard Client\PGHook.dll [lacks WinVerifyTrust]
9384fb4.4f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
9394fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9404fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-synch-l1-2-0'
9414fb4.4f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
9424fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9434fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-fibers-l1-1-1'
9444fb4.4f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
9454fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9464fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-synch-l1-2-0'
9474fb4.4f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
9484fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9494fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-fibers-l1-1-1'
9504fb4.4f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
9514fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9524fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-localization-l1-2-1'
9534fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9544fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
9554fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
9564fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
9574fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
9584fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9594fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9604fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
9614fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
9624fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
9634fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
9644fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
9654fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
9664fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
9674fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9684fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9694fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
9704fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
9714fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9724fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9734fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9744fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9754fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab7c60000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
9764fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9774fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab5ac0000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
9784fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9794fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab7c00000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
9804fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
9814fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab78f0000 LB 0x000a1000 C:\WINDOWS\System32\ADVAPI32.dll [fFlags=0x0]
9824fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9834fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab78f0000 'C:\WINDOWS\System32\ADVAPI32.dll'
9844fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
9854fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
9864fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab4420000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
9874fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
9884fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
9894fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
9904fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
9914fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
9924fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
9934fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
9944fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
9954fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9964fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9974fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
9984fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab4530000 LB 0x00025000 C:\WINDOWS\SYSTEM32\bcrypt.dll [fFlags=0x0]
9994fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10004fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab3b70000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
10014fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10024fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
10034fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
10044fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10054fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab81d0000 'C:\WINDOWS\System32\kernel32.dll'
10064fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
10074fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
10084fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
10094fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab4c10000 LB 0x0006a000 C:\WINDOWS\System32\bcryptPrimitives.dll [fFlags=0x0]
10104fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
10114fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
10124fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab4440000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
10134fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
10144fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\psapi.dll)
10154fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\psapi.dll
10164fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
10174fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
10184fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
10194fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\PSAPI.DLL (Input=PSAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10204fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab78d0000 LB 0x00008000 C:\WINDOWS\System32\PSAPI.DLL [fFlags=0x0]
10214fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\psapi.dll [lacks WinVerifyTrust]
10224fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab78d0000 'C:\WINDOWS\System32\PSAPI.DLL'
10234fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3940000 'C:\Program Files\Avecto\Privilege Guard Client\PGHook.dll'
10244fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
10254fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
10264fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dnsapi.dll'.
10274fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll)
10284fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll
10294fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'...
10304fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008]
10314fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ws2_32.dll'.
10324fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'nsi.dll'.
10334fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dnsapi.dll)
10344fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dnsapi.dll
10354fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
10364fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
10374fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10384fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'user32.dll'.
10394fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #69 'gdi32.dll'.
10404fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
10414fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
10424fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
10434fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
10444fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
10454fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10464fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10474fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
10484fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
10494fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10504fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10514fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
10524fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
10534fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
10544fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
10554fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10564fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10574fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10584fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
10594fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
10604fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
10614fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
10624fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
10634fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
10644fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
10654fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll)
10664fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
10674fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10684fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10694fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10704fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10714fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10724fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10734fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
10744fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
10754fb4.4f20: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
10764fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
10774fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
10784fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\QIPCAP64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10794fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
10804fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
10814fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab55a0000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
10824fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
10834fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
10844fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab5550000 LB 0x00049000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
10854fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
10864fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
10874fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab5f20000 LB 0x002f9000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
10884fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
10894fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'bcryptprimitives.dll'.
10904fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
10914fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
10924fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab5df0000 LB 0x000aa000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
10934fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10944fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'.
10954fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'.
10964fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
10974fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
10984fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab56a0000 LB 0x0009a000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
10994fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
11004fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
11014fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab5740000 LB 0x0001e000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
11024fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
11034fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab7770000 LB 0x0014a000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
11044fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
11054fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab4a20000 LB 0x00187000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
11064fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
11074fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'gdi32.dll'.
11084fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
11094fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'win32u.dll'.
11104fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
11114fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
11124fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab7d00000 LB 0x00027000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
11134fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11144fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab5bf0000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
11154fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
11164fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
11174fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
11184fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
11194fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
11204fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab4990000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
11214fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
11224fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
11234fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
11244fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
11254fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab49d0000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
11264fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
11274fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
11284fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
11294fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab49b0000 LB 0x00015000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
11304fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
11314fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
11324fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab4e50000 LB 0x006f1000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
11334fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11344fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
11354fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
11364fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'profapi.dll'.
11374fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
11384fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
11394fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab6250000 LB 0x01438000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
11404fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
11414fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab8490000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
11424fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll [lacks WinVerifyTrust]
11434fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab78e0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
11444fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
11454fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab4060000 LB 0x000a4000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0]
11464fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
11474fb4.4f20: supR3HardenedDllNotificationCallback: load 0000000068000000 LB 0x0005e000 C:\WINDOWS\System32\QIPCAP64.dll [fFlags=0x0]
11484fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
11494fb4.4f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
11504fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
11514fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-synch-l1-2-0'
11524fb4.4f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
11534fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
11544fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-fibers-l1-1-1'
11554fb4.4f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
11564fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
11574fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-fibers-l1-1-1'
11584fb4.4f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
11594fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
11604fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-synch-l1-2-0'
11614fb4.4f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
11624fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
11634fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-localization-l1-2-1'
11644fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
11654fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
11664fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
11674fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll [lacks WinVerifyTrust]
11684fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
11694fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
11704fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
11714fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11724fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11734fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11744fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11754fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11764fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11774fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11784fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11794fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11804fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11814fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11824fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11834fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11844fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11854fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11864fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11874fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11884fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
11894fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11904fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11914fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11924fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11934fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11944fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11954fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
11964fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
11974fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
11984fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11994fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12004fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
12014fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12024fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12034fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12044fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
12054fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
12064fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
12074fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
12084fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
12094fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
12104fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12114fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12124fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12134fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12144fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12154fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12164fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
12174fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
12184fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
12194fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12204fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12214fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12224fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12234fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab81d0000 'C:\WINDOWS\System32\kernel32.dll'
12244fb4.4f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
12254fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12264fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-string-l1-1-0'
12274fb4.4f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
12284fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12294fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-datetime-l1-1-1'
12304fb4.4f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
12314fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12324fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-localization-obsolete-l1-2-0'
12334fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
12344fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'win32u.dll'.
12354fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
12364fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
12374fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
12384fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
12394fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
12404fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12414fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12424fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
12434fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
12444fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab6220000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
12454fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust]
12464fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab6220000 'C:\WINDOWS\system32\IMM32.DLL'
12474fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL)
12484fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
12494fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab4020000 LB 0x00037000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
12504fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL [lacks WinVerifyTrust]
12514fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000068000000 'C:\WINDOWS\System32\QIPCAP64.dll'
12524fb4.4f20: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffab8579ac0 pvNtTerminateThread=00007ffab85a5df0
12531060.47b4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 597 ms.
12544fb4.4f20: \SystemRoot\System32\ntdll.dll:
12554fb4.4f20: CreationTime: 2017-12-28T09:42:41.155904300Z
12564fb4.4f20: LastWriteTime: 2017-09-05T05:26:19.169608500Z
12574fb4.4f20: ChangeTime: 2018-05-14T02:22:11.988091300Z
12584fb4.4f20: FileAttributes: 0x20
12594fb4.4f20: Size: 0x1d7658
12604fb4.4f20: NT Headers: 0xe0
12614fb4.4f20: Timestamp: 0x8274fd8b
12624fb4.4f20: Machine: 0x8664 - amd64
12634fb4.4f20: Timestamp: 0x8274fd8b
12644fb4.4f20: Image Version: 10.0
12654fb4.4f20: SizeOfImage: 0x1db000 (1945600)
12664fb4.4f20: Resource Dir: 0x170000 LB 0x69448
12674fb4.4f20: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
12684fb4.4f20: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
12694fb4.4f20: ProductName: Microsoft® Windows® Operating System
12704fb4.4f20: ProductVersion: 10.0.15063.608
12714fb4.4f20: FileVersion: 10.0.15063.608 (WinBuild.160101.0800)
12724fb4.4f20: FileDescription: NT Layer DLL
12734fb4.4f20: \SystemRoot\System32\kernel32.dll:
12744fb4.4f20: CreationTime: 2018-05-14T02:05:05.550488900Z
12754fb4.4f20: LastWriteTime: 2018-04-03T05:10:01.391244900Z
12764fb4.4f20: ChangeTime: 2018-05-14T02:30:04.490153000Z
12774fb4.4f20: FileAttributes: 0x20
12784fb4.4f20: Size: 0xad068
12794fb4.4f20: NT Headers: 0xf8
12804fb4.4f20: Timestamp: 0xc566ba39
12814fb4.4f20: Machine: 0x8664 - amd64
12824fb4.4f20: Timestamp: 0xc566ba39
12834fb4.4f20: Image Version: 10.0
12844fb4.4f20: SizeOfImage: 0xae000 (712704)
12854fb4.4f20: Resource Dir: 0xac000 LB 0x520
12864fb4.4f20: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
12874fb4.4f20: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
12884fb4.4f20: ProductName: Microsoft® Windows® Operating System
12894fb4.4f20: ProductVersion: 10.0.15063.1058
12904fb4.4f20: FileVersion: 10.0.15063.1058 (WinBuild.160101.0800)
12914fb4.4f20: FileDescription: Windows NT BASE API Client DLL
12924fb4.4f20: \SystemRoot\System32\KernelBase.dll:
12934fb4.4f20: CreationTime: 2018-04-13T05:17:44.888383700Z
12944fb4.4f20: LastWriteTime: 2018-03-30T05:26:37.014576400Z
12954fb4.4f20: ChangeTime: 2018-05-14T02:22:11.930080900Z
12964fb4.4f20: FileAttributes: 0x20
12974fb4.4f20: Size: 0x2493f0
12984fb4.4f20: NT Headers: 0x100
12994fb4.4f20: Timestamp: 0x8ecb0e
13004fb4.4f20: Machine: 0x8664 - amd64
13014fb4.4f20: Timestamp: 0x8ecb0e
13024fb4.4f20: Image Version: 10.0
13034fb4.4f20: SizeOfImage: 0x249000 (2396160)
13044fb4.4f20: Resource Dir: 0x22a000 LB 0x548
13054fb4.4f20: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
13064fb4.4f20: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
13074fb4.4f20: ProductName: Microsoft® Windows® Operating System
13084fb4.4f20: ProductVersion: 10.0.15063.1029
13094fb4.4f20: FileVersion: 10.0.15063.1029 (WinBuild.160101.0800)
13104fb4.4f20: FileDescription: Windows NT BASE API Client DLL
13114fb4.4f20: \SystemRoot\System32\apisetschema.dll:
13124fb4.4f20: CreationTime: 2017-03-18T20:57:35.373527900Z
13134fb4.4f20: LastWriteTime: 2017-03-18T20:57:35.373527900Z
13144fb4.4f20: ChangeTime: 2017-12-21T19:46:14.124167300Z
13154fb4.4f20: FileAttributes: 0x20
13164fb4.4f20: Size: 0x1ada0
13174fb4.4f20: NT Headers: 0xc0
13184fb4.4f20: Timestamp: 0x76544b2
13194fb4.4f20: Machine: 0x8664 - amd64
13204fb4.4f20: Timestamp: 0x76544b2
13214fb4.4f20: Image Version: 10.0
13224fb4.4f20: SizeOfImage: 0x1b000 (110592)
13234fb4.4f20: Resource Dir: 0x1a000 LB 0x408
13244fb4.4f20: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
13254fb4.4f20: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
13264fb4.4f20: ProductName: Microsoft® Windows® Operating System
13274fb4.4f20: ProductVersion: 10.0.15063.0
13284fb4.4f20: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
13294fb4.4f20: FileDescription: ApiSet Schema DLL
13304fb4.4f20: NtOpenDirectoryObject failed on \Driver: 0xc0000022
13314fb4.4f20: supR3HardenedWinFindAdversaries: 0x20083
13324fb4.4f20: \SystemRoot\System32\drivers\SysPlant.sys:
13334fb4.4f20: CreationTime: 2017-02-07T07:00:53.205024500Z
13344fb4.4f20: LastWriteTime: 2018-03-08T04:37:22.992733500Z
13354fb4.4f20: ChangeTime: 2018-03-08T04:37:22.992733500Z
13364fb4.4f20: FileAttributes: 0x20
13374fb4.4f20: Size: 0x30548
13384fb4.4f20: NT Headers: 0xf0
13394fb4.4f20: Timestamp: 0x5a1adc8a
13404fb4.4f20: Machine: 0x8664 - amd64
13414fb4.4f20: Timestamp: 0x5a1adc8a
13424fb4.4f20: Image Version: 5.0
13434fb4.4f20: SizeOfImage: 0x31000 (200704)
13444fb4.4f20: Resource Dir: 0x2f000 LB 0x49c
13454fb4.4f20: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
13464fb4.4f20: [Raw version resource data: 0x2f0b8 LB 0x3e4, codepage 0x4e4 (reserved 0x0)]
13474fb4.4f20: ProductName: Symantec CMC Firewall
13484fb4.4f20: ProductVersion: 14.0.3856.1100
13494fb4.4f20: FileVersion: 14.0.3856.1100
13504fb4.4f20: FileDescription: Symantec CMC Firewall SysPlant
13514fb4.4f20: \SystemRoot\System32\sysfer.dll:
13524fb4.4f20: CreationTime: 2017-02-07T07:00:53.173800100Z
13534fb4.4f20: LastWriteTime: 2018-03-08T04:37:22.992733500Z
13544fb4.4f20: ChangeTime: 2018-03-08T04:37:22.992733500Z
13554fb4.4f20: FileAttributes: 0x20
13564fb4.4f20: Size: 0x7cee8
13574fb4.4f20: NT Headers: 0xf8
13584fb4.4f20: Timestamp: 0x5a1adc96
13594fb4.4f20: Machine: 0x8664 - amd64
13604fb4.4f20: Timestamp: 0x5a1adc96
13614fb4.4f20: Image Version: 0.0
13624fb4.4f20: SizeOfImage: 0x95000 (610304)
13634fb4.4f20: Resource Dir: 0x91000 LB 0x490
13644fb4.4f20: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
13654fb4.4f20: [Raw version resource data: 0x910b8 LB 0x3d8, codepage 0x4e4 (reserved 0x0)]
13664fb4.4f20: ProductName: Symantec CMC Firewall
13674fb4.4f20: ProductVersion: 14.0.3856.1100
13684fb4.4f20: FileVersion: 14.0.3856.1100
13694fb4.4f20: FileDescription: Symantec CMC Firewall sysfer
13704fb4.4f20: \SystemRoot\System32\drivers\symevent64x86.sys:
13714fb4.4f20: CreationTime: 2017-02-07T07:01:26.422016700Z
13724fb4.4f20: LastWriteTime: 2018-03-07T04:33:59.877082300Z
13734fb4.4f20: ChangeTime: 2018-03-08T04:37:24.616695800Z
13744fb4.4f20: FileAttributes: 0x20
13754fb4.4f20: Size: 0x19098
13764fb4.4f20: NT Headers: 0xe0
13774fb4.4f20: Timestamp: 0x59fcb42b
13784fb4.4f20: Machine: 0x8664 - amd64
13794fb4.4f20: Timestamp: 0x59fcb42b
13804fb4.4f20: Image Version: 6.2
13814fb4.4f20: SizeOfImage: 0x23000 (143360)
13824fb4.4f20: Resource Dir: 0x21000 LB 0x3c8
13834fb4.4f20: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
13844fb4.4f20: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
13854fb4.4f20: ProductName: SYMEVENT
13864fb4.4f20: ProductVersion: 14.0.5.9
13874fb4.4f20: FileVersion: 14.0.5.9
13884fb4.4f20: FileDescription: Symantec Event Library
13894fb4.4f20: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
13904fb4.4f20: CreationTime: 2017-11-23T04:25:55.932359500Z
13914fb4.4f20: LastWriteTime: 2017-11-23T05:51:57.309569000Z
13924fb4.4f20: ChangeTime: 2017-12-21T04:00:29.810996100Z
13934fb4.4f20: FileAttributes: 0x20
13944fb4.4f20: Size: 0x319c0
13954fb4.4f20: NT Headers: 0xe0
13964fb4.4f20: Timestamp: 0x5795342f
13974fb4.4f20: Machine: 0x8664 - amd64
13984fb4.4f20: Timestamp: 0x5795342f
13994fb4.4f20: Image Version: 6.1
14004fb4.4f20: SizeOfImage: 0x34000 (212992)
14014fb4.4f20: Resource Dir: 0x32000 LB 0x3b8
14024fb4.4f20: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
14034fb4.4f20: [Raw version resource data: 0x32060 LB 0x354, codepage 0x0 (reserved 0x0)]
14044fb4.4f20: ProductName: Malwarebytes Anti-Malware
14054fb4.4f20: ProductVersion: 0.3.0.0
14064fb4.4f20: FileVersion: 0.3.0.0
14074fb4.4f20: FileDescription: Malwarebytes Anti-Malware
14084fb4.4f20: \SystemRoot\System32\drivers\PGDriver.sys:
14094fb4.4f20: CreationTime: 2017-08-28T13:45:44.481801100Z
14104fb4.4f20: LastWriteTime: 2017-06-22T05:50:20.000000000Z
14114fb4.4f20: ChangeTime: 2018-05-24T09:04:08.433217200Z
14124fb4.4f20: FileAttributes: 0x20
14134fb4.4f20: Size: 0x8490
14144fb4.4f20: NT Headers: 0xf8
14154fb4.4f20: Timestamp: 0x59394114
14164fb4.4f20: Machine: 0x8664 - amd64
14174fb4.4f20: Timestamp: 0x59394114
14184fb4.4f20: Image Version: 6.3
14194fb4.4f20: SizeOfImage: 0xb000 (45056)
14204fb4.4f20: Resource Dir: 0x9000 LB 0x430
14214fb4.4f20: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
14224fb4.4f20: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
14234fb4.4f20: ProductName: Avecto Defendpoint
14244fb4.4f20: ProductVersion: 2017.06.08.1
14254fb4.4f20: FileVersion: 2017.06.08.1
14264fb4.4f20: SpecialBuild: D
14274fb4.4f20: FileDescription: Defendpoint Driver
14284fb4.4f20: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
14294fb4.4f20: Calling main()
14304fb4.4f20: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
14314fb4.4f20: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
14324fb4.4f20: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
14334fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
14344fb4.4f20: SUPR3HardenedMain: Final process, opening VBoxDrv...
14354fb4.4f20: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000b10000 LB 0x400000)
14364fb4.4f20: supR3HardNtEnableThreadCreation:
14374fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
14384fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
14394fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
14404fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
14414fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffaaca40000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
14424fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
14434fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
14444fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14454fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaaca40000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
14464fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
14474fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14484fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaaca40000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
14494fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaaca40000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
14504fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14514fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
14524fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
14534fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
14544fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
14554fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
14564fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14574fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14584fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
14594fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
14604fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
14614fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'.
14624fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
14634fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
14644fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
14654fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
14664fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
14674fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
14684fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14694fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14704fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14714fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
14724fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
14734fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
14744fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
14754fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab4970000 LB 0x00011000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
14764fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
14774fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab4c80000 LB 0x001c9000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
14784fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
14794fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab4bb0000 LB 0x00057000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
14804fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
14814fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4bb0000 'C:\WINDOWS\system32\Wintrust.dll'
14824fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
14834fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
14844fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4530000 'C:\WINDOWS\system32\bcrypt.dll'
14854fb4.4f20: bcrypt.dll loaded at 00007ffab4530000, BCryptOpenAlgorithmProvider at 00007ffab4534aa0, preloading providers:
14864fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
14874fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14884fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c10000 'C:\WINDOWS\system32\bcryptprimitives.dll'
14894fb4.4f20: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000010d4860)
14904fb4.4f20: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000010d9d90)
14914fb4.4f20: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000010da060)
14924fb4.4f20: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000010da330)
14934fb4.4f20: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000010e7bc0)
14944fb4.4f20: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000010e7e90)
14954fb4.4f20: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000010e8160)
14964fb4.4f20: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000010d5bc0)
14974fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
14984fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14994fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4bb0000 'C:\Windows\System32\WINTRUST.DLL'
15004fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
15014fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15024fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4bb0000 'C:\Windows\System32\WINTRUST.DLL'
15034fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
15044fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15054fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4bb0000 'C:\Windows\System32\WINTRUST.DLL'
15064fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
15074fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15084fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4bb0000 'C:\Windows\System32\WINTRUST.DLL'
15094fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
15104fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15114fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4bb0000 'C:\Windows\System32\WINTRUST.DLL'
15124fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
15134fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15144fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4bb0000 'C:\Windows\System32\WINTRUST.DLL'
15154fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
15164fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15174fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4bb0000 'C:\Windows\System32\WINTRUST.DLL'
15184fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
15194fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15204fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
15214fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
15224fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4bb0000 'C:\Windows\System32\WINTRUST.DLL'
15234fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
15244fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
15254fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\CRYPT32.dll'
15264fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab7690000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
15274fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
15284fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
15294fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
15304fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15314fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
15324fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
15334fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
15344fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'crypt32.dll'.
15354fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'bcrypt.dll'.
15364fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ncrypt.dll'.
15374fb4.4f20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\ngcrecovery.dll)
15384fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ngcrecovery.dll
15394fb4.4f20: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000350 (hFile=0000000000000368) with 0xc0000022 -> STATUS_TRUST_FAILURE
15404fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15414fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
15424fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
15434fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
15444fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab33a0000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
15454fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
15464fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15474fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
15484fb4.4f20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
15494fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
15504fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
15514fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
15524fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
15534fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15544fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15554fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
15564fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15574fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15584fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
15594fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15604fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15614fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
15624fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ncrypt.dll'...
15634fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ncrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\ncrypt.dll' [rcNtRedir=0xc0150008]
15644fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
15654fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ntasn1.dll'.
15664fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ncrypt.dll)
15674fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ncrypt.dll
15684fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
15694fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
15704fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
15714fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
15724fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
15734fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
15744fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15754fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15764fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
15774fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
15784fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
15794fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
15804fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
15814fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
15824fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntasn1.dll)
15834fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntasn1.dll
15844fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
15854fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
15864fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
15874fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15884fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15894fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffa92ac0000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
15904fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15914fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15924fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
15934fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa92ac0000 'C:\WINDOWS\System32\cryptnet.dll'
15944fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15954fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
15964fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa92ac0000 'C:\WINDOWS\System32\cryptnet.dll'
15974fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15984fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
15994fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa92ac0000 'C:\WINDOWS\System32\cryptnet.dll'
16004fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16014fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
16024fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa92ac0000 'C:\WINDOWS\System32\cryptnet.dll'
16034fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16044fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
16054fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa92ac0000 'C:\WINDOWS\System32\cryptnet.dll'
16064fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16074fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
16084fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa92ac0000 'C:\WINDOWS\System32\cryptnet.dll'
16094fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16104fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa92ac0000 'C:\WINDOWS\System32\cryptnet.dll'
16114fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16124fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa92ac0000 'C:\WINDOWS\System32\cryptnet.dll'
16134fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16144fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa92ac0000 'C:\WINDOWS\System32\cryptnet.dll'
16154fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16164fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa92ac0000 'C:\WINDOWS\System32\cryptnet.dll'
16174fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16184fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa92ac0000 'C:\WINDOWS\System32\cryptnet.dll'
16194fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa92ac0000 'C:\WINDOWS\System32\cryptnet.dll'
16204fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16214fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa92ac0000 'C:\Windows\System32\cryptnet.dll'
16224fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
16234fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16244fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
16254fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
16264fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16274fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
16284fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
16294fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001181dc0
16304fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001181dc0
16314fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AD38255A6DCCC09B45A72579827544B1B25F4681
16324fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
16334fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5ac0000 'C:\WINDOWS\System32\rpcrt4.dll'
16344fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
16354fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4bb0000 'C:\Windows\System32\WINTRUST.DLL'
16364fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
16374fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4bb0000 'C:\Windows\System32\WINTRUST.DLL'
16384fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
16394fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4bb0000 'C:\Windows\System32\WINTRUST.DLL'
16404fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
16414fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4bb0000 'C:\Windows\System32\WINTRUST.DLL'
16424fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
16434fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4bb0000 'C:\Windows\System32\WINTRUST.DLL'
16444fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
16454fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4bb0000 'C:\Windows\System32\WINTRUST.DLL'
16464fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
16474fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16484fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4bb0000 'C:\Windows\System32\WINTRUST.DLL'
16494fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
16504fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16514fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
16524fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
16534fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16544fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
16554fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2237_for_KB4088782~31bf3856ad364e35~amd64~~10.0.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
16564fb4.4f20: g_pfnWinVerifyTrust=00007ffab4bbd3e0
16574fb4.4f20: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
16584fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
16594fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16604fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
16614fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
16624fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16634fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
16644fb4.4f20: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
16654fb4.4f20: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
16664fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
16674fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16684fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
16694fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
16704fb4.4f20: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
16714fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
16724fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
16734fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
16744fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntasn1.dll'
16754fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
16764fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
16774fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
16784fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ncrypt.dll'
16794fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004fc pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
16804fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001181dc0
16814fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001181dc0
16824fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=30DAE41220776EDDC1F05DDBB10EE8379CC41546
16834fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
16844fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
16854fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
16864fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-onecore-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
16874fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16884fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
16894fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
16904fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
16914fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
16924fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
16934fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000370 pwszName=\Device\HarddiskVolume4\Windows\System32\ngcrecovery.dll
16944fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001181dc0
16954fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001181dc0
16964fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6E3EA9BEFE875CD90A66DCBEEF4C761ACAC3755E
16974fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
16984fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
16994fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17004fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1677_for_KB4088782~31bf3856ad364e35~amd64~~10.0.1.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\ngcrecovery.dll'
17014fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17024fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ngcrecovery.dll'
17034fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17044fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17054fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17064fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
17074fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17084fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17094fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
17104fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17114fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17124fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
17134fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17144fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17154fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17164fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
17174fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17184fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17194fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17204fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL'
17214fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17224fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17234fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17244fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
17254fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17264fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17274fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17284fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'
17294fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17304fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17314fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17324fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
17334fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17344fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17354fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17364fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'
17374fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17384fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17394fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17404fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'
17414fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17424fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17434fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17444fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
17454fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17464fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17474fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17484fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'
17494fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17504fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17514fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17524fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'
17534fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17544fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17554fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17564fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
17574fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17584fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17594fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17604fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
17614fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17624fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17634fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17644fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
17654fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17664fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17674fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17684fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
17694fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17704fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17714fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17724fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll'
17734fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17744fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17754fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17764fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll'
17774fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17784fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17794fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17804fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
17814fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17824fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17834fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll'
17844fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17854fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17864fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17874fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
17884fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17894fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17904fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17914fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
17924fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17934fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17944fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17954fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll'
17964fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
17974fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
17984fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
17994fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dnsapi.dll'
18004fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
18014fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
18024fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll'
18034fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
18044fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
18054fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
18064fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\psapi.dll'
18074fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
18084fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
18094fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
18104fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
18114fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
18124fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
18134fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
18144fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
18154fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
18164fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
18174fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
18184fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
18194fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
18204fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
18214fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
18224fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
18234fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
18244fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
18254fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
18264fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
18274fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
18284fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
18294fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
18304fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
18314fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
18324fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
18334fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
18344fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
18354fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
18364fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
18374fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
18384fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
18394fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Avecto\Privilege Guard Client\PGHook.dll'
18404fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
18414fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
18424fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
18434fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
18444fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
18454fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
18464fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
18474fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
18484fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\system32\crypt32.dll'
18494fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x4e6f5b254adf3119 DC=com, DC=accenture, DC=svc, DC=dir, OU=People, CN=Accenture Root CA
18504fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
18514fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
18524fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x1daf646aab6fd400 C=US, ST=CA, L=LG, O=Websense, Inc., OU=Websense Endpoint, Email=support@websense.com, CN=Websense Public Primary Certificate Authority, desc=1578173361EP@websense.com
18534fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
18544fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x6ada0ca27241bd00 C=US, ST=CA, L=LG, O=Websense, Inc., OU=Websense Endpoint, Email=support@websense.com, CN=Websense Public Primary Certificate Authority, desc=598280705EP@websense.com
18554fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
18564fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
18574fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
18584fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
18594fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x56b68baca613ec00 C=US, ST=CA, L=LG, O=Websense, Inc., OU=Websense Endpoint, Email=support@websense.com, CN=Websense Public Primary Certificate Authority, desc=1856614846EP@websense.com
18604fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
18614fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
18624fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
18634fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
18644fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
18654fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
18664fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
18674fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
18684fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
18694fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
18704fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
18714fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
18724fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
18734fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
18744fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
18754fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
18764fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
18774fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
18784fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
18794fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
18804fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
18814fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
18824fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
18834fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
18844fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
18854fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
18864fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
18874fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
18884fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
18894fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
18904fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
18914fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
18924fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
18934fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
18944fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
18954fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
18964fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
18974fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
18984fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
18994fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
19004fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
19014fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
19024fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
19034fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x4e6f5b254adf3119 DC=com, DC=accenture, DC=svc, DC=dir, OU=People, CN=Accenture Root CA
19044fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
19054fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
19064fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
19074fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x6b1d5e81c965198 L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 3 Policy Validation Authority, CN=http://www.valicert.com/, Email=info@valicert.com
19084fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
19094fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xdd80d271558fb700 O=RSA Security Inc, OU=RSA Security 2048 V3
19104fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x4dff6e86067db400 C=US, O=Accenture, OU=IAM, CN=Accenture Internal Root CA
19114fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0xf8af697ddd419800 C=US, O=Accenture, OU=IAM, CN=Accenture Internal Root CA
19124fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x4dff6e86067db400 C=US, O=Accenture, OU=IAM, CN=Accenture Internal Root CA
19134fb4.4f20: supR3HardenedWinIsDesiredRootCA: Adding 0x4dff6e86067db400 C=US, O=Accenture, OU=IAM, CN=Accenture Internal Root CA
19144fb4.4f20: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=65
19154fb4.4f20: SUPR3HardenedMain: Load Runtime...
19164fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
19174fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
19184fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
19194fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
19204fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
19214fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
19224fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
19234fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19244fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19254fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
19264fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
19274fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
19284fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19294fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19304fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
19314fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
19324fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
19334fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
19344fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19354fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19364fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19374fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19384fb4.4f20: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
19394fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
19404fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
19414fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
19424fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
19434fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
19444fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
19454fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
19464fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
19474fb4.4f20: supR3HardenedDllNotificationCallback: load 000000006e740000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
19484fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
19494fb4.4f20: supR3HardenedDllNotificationCallback: load 000000006d550000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
19504fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
19514fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffa76740000 LB 0x00590000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
19524fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
19534fb4.4f20: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
19544fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
19554fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
19564fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19574fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19584fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
19594fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19604fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19614fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
19624fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19634fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19644fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
19654fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19664fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19674fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
19684fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19694fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19704fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
19714fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19724fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19734fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19744fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19754fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19764fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19774fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19784fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19794fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19804fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
19814fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19824fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19834fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19844fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19854fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19864fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19874fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19884fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19894fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19904fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19914fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19924fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19934fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19944fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19954fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19964fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19974fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19984fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
19994fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20004fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20014fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20024fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20034fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa76740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20044fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4bb0000 'C:\WINDOWS\system32\Wintrust.dll'
20054fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
20064fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
20074fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
20084fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
20094fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\system32\crypt32.dll'
20104fb4.4f20: SUPR3HardenedMain: Load TrustedMain...
20114fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
20124fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
20134fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
20144fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
20154fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
20164fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
20174fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
20184fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
20194fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
20204fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
20214fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
20224fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
20234fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
20244fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
20254fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
20264fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
20274fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
20284fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
20294fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
20304fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
20314fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
20324fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
20334fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
20344fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
20354fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
20364fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
20374fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20384fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20394fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20404fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20414fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
20424fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
20434fb4.4f20: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
20444fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20454fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
20464fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
20474fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20484fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20494fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
20504fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
20514fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
20524fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
20534fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
20544fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
20554fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
20564fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20574fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20584fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20594fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20604fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20614fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20624fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
20634fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
20644fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
20654fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
20664fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
20674fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
20684fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'.
20694fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
20704fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
20714fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
20724fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
20734fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
20744fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
20754fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
20764fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
20774fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20784fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20794fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
20804fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20814fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20824fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
20834fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
20844fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
20854fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20864fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20874fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
20884fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20894fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20904fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
20914fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20924fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20934fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
20944fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20954fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20964fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
20974fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
20984fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
20994fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
21004fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
21014fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
21024fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
21034fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
21044fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
21054fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21064fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21074fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
21084fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
21094fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
21104fb4.4f20: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
21114fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
21124fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
21134fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
21144fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
21154fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
21164fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
21174fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
21184fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
21194fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
21204fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
21214fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
21224fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
21234fb4.4f20: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
21244fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
21254fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
21264fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
21274fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
21284fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
21294fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
21304fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
21314fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
21324fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
21334fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
21344fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
21354fb4.4f20: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
21364fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
21374fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
21384fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
21394fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
21404fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
21414fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
21424fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
21434fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
21444fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
21454fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21464fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21474fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
21484fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21494fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21504fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
21514fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
21524fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
21534fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
21544fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
21554fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
21564fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
21574fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
21584fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
21594fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
21604fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21614fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21624fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
21634fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21644fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21654fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
21664fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21674fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21684fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
21694fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21704fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21714fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
21724fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
21734fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
21744fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
21754fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21764fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21774fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
21784fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21794fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21804fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
21814fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
21824fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
21834fb4.4f20: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
21844fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21854fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
21864fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
21874fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
21884fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
21894fb4.4f20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
21904fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
21914fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21924fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21934fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
21944fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21954fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21964fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
21974fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21984fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21994fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
22004fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
22014fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
22024fb4.4f20: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
22034fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll)
22044fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll
22054fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22064fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22074fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
22084fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22094fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22104fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
22114fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22124fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22134fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
22144fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
22154fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
22164fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
22174fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22184fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22194fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
22204fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
22214fb4.4f20: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
22224fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22234fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
22244fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
22254fb4.4f20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
22264fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
22274fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22284fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22294fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
22304fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22314fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22324fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22334fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22344fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
22354fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22364fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22374fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
22384fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
22394fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
22404fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22414fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22424fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22434fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22444fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
22454fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
22464fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
22474fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
22484fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
22494fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
22504fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
22514fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
22524fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
22534fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
22544fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
22554fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
22564fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
22574fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
22584fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22594fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22604fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
22614fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
22624fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
22634fb4.4f20: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
22644fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22654fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
22664fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'shlwapi.dll'.
22674fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
22684fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'comctl32.dll'.
22694fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'shell32.dll'.
22704fb4.4f20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\comdlg32.dll)
22714fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
22724fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
22734fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
22744fb4.4f20: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
22754fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22764fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcrypt.dll'.
22774fb4.4f20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\winspool.drv)
22784fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv
22794fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
22804fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
22814fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
22824fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
22834fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
22844fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
22854fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
22864fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
22874fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
22884fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22894fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22904fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22914fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22924fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
22934fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
22944fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
22954fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22964fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22974fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
22984fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
22994fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
23004fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
23014fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
23024fb4.4f20: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
23034fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
23044fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
23054fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
23064fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll)
23074fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll
23084fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23094fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23104fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
23114fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
23124fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
23134fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23144fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23154fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23164fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23174fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23184fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23194fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23204fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23214fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23224fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23234fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
23244fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
23254fb4.4f20: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
23264fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
23274fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
23284fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
23294fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
23304fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23314fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
23324fb4.4f20: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
23334fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
23344fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
23354fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
23364fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
23374fb4.4f20: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
23384fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23394fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23404fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
23414fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
23424fb4.4f20: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
23434fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
23444fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
23454fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
23464fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23474fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23484fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
23494fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
23504fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
23514fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005fc pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
23524fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001181dc0
23534fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001181dc0
23544fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C84CAE716539BA897604EBDDBAB05F52E4868A0
23554fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
23564fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
23574fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
23584fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23594fb4.4f20: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
23604fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
23614fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
23624fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
23634fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
23644fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
23654fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
23664fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
23674fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
23684fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
23694fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
23704fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
23714fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
23724fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
23734fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
23744fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
23754fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.1058_none_8f5d02a525b8dc20\comctl32.dll)
23764fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.1058_none_8f5d02a525b8dc20\comctl32.dll
23774fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
23784fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
23794fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
23804fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffa88780000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
23814fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
23824fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffa88810000 LB 0x00121000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
23834fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
23844fb4.4f20: supR3HardenedDllNotificationCallback: load 0000000003a60000 LB 0x00145000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
23854fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
23864fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffaa8360000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
23874fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
23884fb4.4f20: supR3HardenedDllNotificationCallback: load 000000006c7a0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
23894fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
23904fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffa76140000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
23914fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
23924fb4.4f20: supR3HardenedDllNotificationCallback: load 000000006c230000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
23934fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
23944fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffaabcb0000 LB 0x0008a000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
23954fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
23964fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffa9ff90000 LB 0x000a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.1058_none_8f5d02a525b8dc20\COMCTL32.dll [fFlags=0x0]
23974fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.1058_none_8f5d02a525b8dc20\comctl32.dll [avoiding WinVerifyTrust]
23984fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab79a0000 LB 0x00108000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
23994fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
24004fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffa87e00000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
24014fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
24024fb4.4f20: supR3HardenedDllNotificationCallback: load 000000006e6e0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
24034fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
24044fb4.4f20: supR3HardenedDllNotificationCallback: load 0000000003bb0000 LB 0x000c0000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
24054fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
24064fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffaadca0000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
24074fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
24084fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffaae000000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
24094fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
24104fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffa62fe0000 LB 0x00a06000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
24114fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
24124fb4.4f20: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.1058_none_8f5d02a525b8dc20\comctl32.dll'.
24134fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.1058_none_8f5d02a525b8dc20\comctl32.dll' [rescheduled]
24144fb4.4f20: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
24154fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
24164fb4.4f20: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
24174fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
24184fb4.4f20: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
24194fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
24204fb4.4f20: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
24214fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
24224fb4.4f20: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
24234fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
24244fb4.4f20: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
24254fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
24264fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
24274fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24284fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24294fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24304fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24314fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24324fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24334fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
24344fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24354fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab6220000 'C:\WINDOWS\System32\imm32.dll'
24364fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
24374fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24384fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab78f0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
24394fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa62fe0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
24404fb4.4f20: SUPR3HardenedMain: Calling TrustedMain (00007ffa62fe14f0)...
24414fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
24424fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
24434fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
24444fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
24454fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
24464fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
24474fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
24484fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
24494fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
24504fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
24514fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
24524fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
24534fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
24544fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
24554fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24564fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24574fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
24584fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
24594fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
24604fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
24614fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
24624fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
24634fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24644fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24654fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
24664fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
24674fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
24684fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24694fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24704fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
24714fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
24724fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
24734fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
24744fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
24754fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
24764fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
24774fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24784fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24794fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
24804fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24814fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24824fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
24834fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24844fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24854fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24864fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
24874fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffa7f220000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
24884fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
24894fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f220000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
24904fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000710 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
24914fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001181dc0
24924fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001181dc0
24934fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B531FF2B0DDEF1474B5898F2B0278778FD6901AD
24944fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
24954fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
24964fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
24974fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24984fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24994fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
25004fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
25014fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
25024fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
25034fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25044fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25054fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
25064fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
25074fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25084fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25094fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
25104fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
25114fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
25124fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab2d10000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
25134fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
25144fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab2d10000 'C:\WINDOWS\system32\uxtheme.dll'
25154fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab7770000 'C:\WINDOWS\system32\user32.dll'
25164fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
25174fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25184fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab6250000 'C:\WINDOWS\system32\shell32.dll'
25194fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
25204fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25214fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5df0000 'C:\WINDOWS\system32\SHCore.dll'
25224fb4.4f20: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
25234fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
25244fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25254fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'win32u.dll'.
25264fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
25274fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
25284fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)
25294fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
25304fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab1070000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
25314fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
25324fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
25334fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
25344fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25354fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25364fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
25374fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
25384fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
25394fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25404fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25414fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
25424fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
25434fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
25444fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
25454fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25464fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\system32\winmm.dll'
25474fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
25484fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25494fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\system32\winmm.dll'
25504fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
25514fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25524fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab6250000 'C:\WINDOWS\system32\shell32.dll'
25534fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
25544fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25554fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab2d10000 'C:\WINDOWS\system32\uxtheme.dll'
25564fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab78f0000 'C:\WINDOWS\system32\advapi32.dll'
25574fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
25584fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
25594fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
25604fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'profapi.dll'.
25614fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
25624fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
25634fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
25644fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
25654fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
25664fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25674fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25684fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
25694fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25704fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
25714fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab4870000 LB 0x00029000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
25724fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
25734fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4870000 'C:\WINDOWS\system32\userenv.dll'
25744fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
25754fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25764fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab81d0000 'C:\WINDOWS\System32\kernel32.dll'
25774fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab83f0000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
25784fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25794fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
25804fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
25814fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
25824fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25834fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25844fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25854fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25864fb4.8e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
25874fb4.8e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
25884fb4.8e8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
25894fb4.8e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
25904fb4.8e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25914fb4.8e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
25924fb4.8e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25934fb4.8e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
25944fb4.8e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
25954fb4.8e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
25964fb4.8e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
25974fb4.8e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
25984fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25994fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26004fb4.8e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
26014fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26024fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26034fb4.8e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
26044fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26054fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26064fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26074fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26084fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
26094fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
26104fb4.8e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
26114fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26124fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26134fb4.8e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
26144fb4.8e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
26154fb4.8e8: supR3HardenedDllNotificationCallback: load 00007ffa74da0000 LB 0x00546000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
26164fb4.8e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
26174fb4.8e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa74da0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
26184fb4.8e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
26194fb4.8e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26204fb4.8e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
26214fb4.8e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
26224fb4.8e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
26234fb4.8e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
26244fb4.8e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
26254fb4.8e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
26264fb4.8e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
26274fb4.8e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
26284fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26294fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26304fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26314fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26324fb4.8e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
26334fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26344fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26354fb4.8e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
26364fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
26374fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
26384fb4.8e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
26394fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26404fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26414fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26424fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26434fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26444fb4.8e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26454fb4.8e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
26464fb4.8e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
26474fb4.8e8: supR3HardenedDllNotificationCallback: load 00007ffa7f160000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
26484fb4.8e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
26494fb4.8e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f160000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
26504fb4.8e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
26514fb4.8e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
26524fb4.8e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000003bb0000 'C:\Windows\System32\oleaut32.dll'
26534fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
26544fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26554fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab7d00000 'C:\WINDOWS\system32\gdi32.dll'
26564fb4.1a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
26574fb4.1a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
26584fb4.1a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
26594fb4.1a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26604fb4.1a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
26614fb4.1a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
26624fb4.1a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
26634fb4.1a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26644fb4.1a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26654fb4.1a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26664fb4.1a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26674fb4.1a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26684fb4.1a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
26694fb4.1a08: supR3HardenedDllNotificationCallback: load 00007ffa95630000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
26704fb4.1a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
26714fb4.1a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa95630000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
26724fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab6250000 'C:\WINDOWS\system32\shell32.dll'
26734fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab8280000 LB 0x00166000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
26744fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26754fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
26764fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
26774fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'gdi32.dll'.
26784fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'imm32.dll'.
26794fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
26804fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
26814fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
26824fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
26834fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
26844fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26854fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26864fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26874fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26884fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26894fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26904fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
26914fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26924fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26934fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
26944fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
26954fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
26964fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a38 pwszName=\Device\HarddiskVolume4\Windows\System32\DataExchange.dll
26974fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001181dc0
26984fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001181dc0
26994fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61683FE342024A9B1FED0572E599EB6BBE8FAFAD
27004fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
27014fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
27024fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\DataExchange.dll'
27034fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27044fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27054fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
27064fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
27074fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
27084fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
27094fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) WinVerifyTrust
27104fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
27114fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
27124fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
27134fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
27144fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
27154fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
27164fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
27174fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) WinVerifyTrust
27184fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll
27194fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
27204fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
27214fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27224fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27234fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
27244fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
27254fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
27264fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
27274fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
27284fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27294fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
27304fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27314fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
27324fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'win32u.dll'.
27334fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll) WinVerifyTrust
27344fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll
27354fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
27364fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
27374fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
27384fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
27394fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
27404fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
27414fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27424fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27434fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
27444fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
27454fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
27464fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
27474fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
27484fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
27494fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
27504fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27514fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
27524fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll) WinVerifyTrust
27534fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll
27544fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27554fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27564fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
27574fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
27584fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
27594fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27604fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27614fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27624fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
27634fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
27644fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
27654fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll
27664fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab3420000 LB 0x000a4000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
27674fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll
27684fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab1d40000 LB 0x002df000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
27694fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
27704fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffaa9870000 LB 0x00123000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
27714fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
27724fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffa8e300000 LB 0x00047000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
27734fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
27744fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8e300000 'C:\WINDOWS\system32\dataexchange.dll'
27754fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27764fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
27774fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'.
27784fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
27794fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll)
27804fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll
27814fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab2f80000 LB 0x00170000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
27824fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
27834fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27844fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'coreuicomponents.dll'.
27854fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'coremessaging.dll'.
27864fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll)
27874fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
27884fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27894fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'coremessaging.dll'.
27904fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'shcore.dll'.
27914fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll)
27924fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll
27934fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27944fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
27954fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll)
27964fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll
27974fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntmarta.dll)
27984fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntmarta.dll
27994fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
28004fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
28014fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'bcryptprimitives.dll'.
28024fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll)
28034fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll
28044fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28054fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
28064fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\usermgrcli.dll)
28074fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\usermgrcli.dll
28084fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab3690000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
28094fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
28104fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffaa9780000 LB 0x000e4000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
28114fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
28124fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab2270000 LB 0x00139000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
28134fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
28144fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffab1920000 LB 0x00015000 C:\WINDOWS\SYSTEM32\usermgrcli.dll [fFlags=0x0]
28154fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\usermgrcli.dll [avoiding WinVerifyTrust]
28164fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffa9f990000 LB 0x002d3000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
28174fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
28184fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffa9fc70000 LB 0x00081000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
28194fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
28204fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28214fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28224fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28234fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28244fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
28254fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
28264fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
28274fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28284fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28294fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
28304fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
28314fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
28324fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28334fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28344fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28354fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28364fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
28374fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
28384fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
28394fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
28404fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
28414fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
28424fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28434fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28444fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
28454fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
28464fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
28474fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
28484fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume4\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
28494fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
28504fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28514fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28524fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
28534fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
28544fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
28554fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
28564fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
28574fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
28584fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28594fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28604fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28614fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28624fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
28634fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
28644fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\usermgrcli.dll'
28654fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
28664fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
28674fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WinTypes.dll'
28684fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
28694fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
28704fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntmarta.dll'
28714fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
28724fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
28734fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll'
28744fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
28754fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
28764fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll'
28774fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
28784fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
28794fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll'
28804fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
28814fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
28824fb4.4f20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll'
28834fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
28844fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28854fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000003bb0000 'C:\WINDOWS\System32\OLEAUT32.DLL'
28864fb4.4f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
28874fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28884fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab7770000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
28894fb4.4f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
28904fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28914fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab7770000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
28924fb4.4f20: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
28934fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
28944fb4.4f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-1.dll) -> 0x0, fPresent=1
28954fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-1.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28964fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5f20000 'api-ms-win-core-com-l1-1-1.dll'
28974fb4.4f20: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
28984fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
28994fb4.4f20: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
29004fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
29014fb4.4f20: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
29024fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
29034fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll
29044fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
29054fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab8280000 'C:\WINDOWS\System32\MSCTF.dll'
29064fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
29074fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29084fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000003a60000 'C:\WINDOWS\System32\ole32.dll'
29094fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000003bb0000 'C:\WINDOWS\System32\OLEAUT32.dll'
29104fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b34 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
29114fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001181dc0
29124fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001181dc0
29134fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C153C1EEAC2C5A257F8D6DAC54A4EBBA9125F07E
29144fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
29154fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
29164fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
29174fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29184fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29194fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
29204fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
29214fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
29224fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
29234fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
29244fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
29254fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b48 pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
29264fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001181dc0
29274fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001181dc0
29284fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C2FDDA9E0EDB4F1E87D406924BA16734871BCEF
29294fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
29304fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
29314fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
29324fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29334fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29344fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
29354fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
29364fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
29374fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
29384fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29394fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29404fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
29414fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29424fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29434fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29444fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29454fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
29464fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
29474fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
29484fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
29494fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29504fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29514fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
29524fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
29534fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
29544fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffaaf7c0000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
29554fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
29564fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffaaed60000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
29574fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
29584fb4.4f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
29594fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
29604fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
29614fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaaed60000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
29624fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b4c pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
29634fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001181dc0
29644fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001181dc0
29654fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=559C24F928E5CCE94C1894759931445FEFCE69FF
29664fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
29674fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
29684fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
29694fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29704fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29714fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
29724fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
29734fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
29744fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29754fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29764fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29774fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29784fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
29794fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
29804fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffaae0e0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
29814fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
29824fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae0e0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
29834fb4.4f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
29844fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
29854fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-localization-l1-2-0.dll'
29864fb4.4f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
29874fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
29884fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab5810000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
29894fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bac pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
29904fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001181dc0
29914fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001181dc0
29924fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FF6EDA0EE7AAFEFF666CD9B9BCCFAF342DB5470
29934fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
29944fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
29954fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
29964fb4.4f20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29974fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29984fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
29994fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
30004fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
30014fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
30024fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
30034fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
30044fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30054fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30064fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
30074fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
30084fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
30094fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffaae4c0000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
30104fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
30114fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae4c0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
30124fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
30134fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30144fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
30154fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
30164fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
30174fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30184fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30194fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30204fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
30214fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
30224fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
30234fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
30244fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
30254fb4.4f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
30264fb4.4f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
30274fb4.4f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
30284fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30294fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30304fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30314fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30324fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
30334fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
30344fb4.4f20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30354fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30364fb4.4f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30374fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30384fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30394fb4.4f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
30404fb4.4f20: supR3HardenedDllNotificationCallback: load 000000006d050000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
30414fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
30424fb4.4f20: supR3HardenedDllNotificationCallback: load 00007ffa7f480000 LB 0x002c9000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
30434fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30444fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f480000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
30454fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
30464fb4.2908: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
30474fb4.2908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30484fb4.2908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
30494fb4.2908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
30504fb4.2908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
30514fb4.2908: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
30524fb4.2908: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
30534fb4.2908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30544fb4.2908: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30554fb4.2908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30564fb4.2908: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30574fb4.2908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
30584fb4.2908: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
30594fb4.2908: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30604fb4.2908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30614fb4.2908: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30624fb4.2908: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30634fb4.2908: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
30644fb4.2908: supR3HardenedDllNotificationCallback: load 00007ffa8eae0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
30654fb4.2908: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
30664fb4.2908: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eae0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
30674fb4.2908: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab7770000 'C:\WINDOWS\system32\User32.dll'
30684fb4.6c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
30694fb4.6c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30704fb4.6c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
30714fb4.6c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
30724fb4.6c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
30734fb4.6c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
30744fb4.6c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30754fb4.6c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30764fb4.6c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
30774fb4.6c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
30784fb4.6c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
30794fb4.6c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30804fb4.6c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30814fb4.6c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30824fb4.6c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
30834fb4.6c4: supR3HardenedDllNotificationCallback: load 00007ffa8ddf0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
30844fb4.6c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
30854fb4.6c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8ddf0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
30864fb4.45c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
30874fb4.45c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30884fb4.45c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
30894fb4.45c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
30904fb4.45c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
30914fb4.45c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
30924fb4.45c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30934fb4.45c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30944fb4.45c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
30954fb4.45c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
30964fb4.45c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30974fb4.45c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30984fb4.45c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
30994fb4.45c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31004fb4.45c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
31014fb4.45c8: supR3HardenedDllNotificationCallback: load 00007ffa8dd70000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
31024fb4.45c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
31034fb4.45c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8dd70000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
31044fb4.1e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
31054fb4.1e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31064fb4.1e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
31074fb4.1e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
31084fb4.1e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
31094fb4.1e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
31104fb4.1e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31114fb4.1e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31124fb4.1e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
31134fb4.1e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
31144fb4.1e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31154fb4.1e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31164fb4.1e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31174fb4.1e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
31184fb4.1e38: supR3HardenedDllNotificationCallback: load 00007ffa8dd60000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
31194fb4.1e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
31204fb4.1e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8dd60000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
31214fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab6250000 'C:\WINDOWS\system32\Shell32.dll'
31224fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
31234fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31244fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f480000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
31254fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
31264fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31274fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31284fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
31294fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
31304fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
31314fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
31324fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
31334fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
31344fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
31354fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
31364fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
31374fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31384fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31394fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31404fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31414fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31424fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31434fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31444fb4.5a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
31454fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffa84a50000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
31464fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
31474fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa84a50000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
31484fb4.5a8: supR3HardenedDllNotificationCallback: Unload 00007ffa84a50000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
31494fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
31504fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
31514fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31524fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
31534fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
31544fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
31554fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
31564fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
31574fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
31584fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
31594fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
31604fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
31614fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
31624fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
31634fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
31644fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
31654fb4.5a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
31664fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
31674fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
31684fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
31694fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
31704fb4.5a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
31714fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
31724fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
31734fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
31744fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
31754fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31764fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
31774fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'cfgmgr32.dll'.
31784fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
31794fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
31804fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31814fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31824fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
31834fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
31844fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
31854fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
31864fb4.5a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
31874fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31884fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31894fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31904fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31914fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
31924fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31934fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31944fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
31954fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
31964fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
31974fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
31984fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31994fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32004fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32014fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32024fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
32034fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32044fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
32054fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
32064fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
32074fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
32084fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
32094fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
32104fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32114fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32124fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
32134fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
32144fb4.5a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32154fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32164fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32174fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
32184fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
32194fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
32204fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
32214fb4.5a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
32224fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32234fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32244fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32254fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32264fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32274fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32284fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32294fb4.5a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
32304fb4.5a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
32314fb4.5a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
32324fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffab7d90000 LB 0x0043b000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
32334fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
32344fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffa87c10000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
32354fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
32364fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffa83d10000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
32374fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
32384fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffa59790000 LB 0x009c5000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
32394fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
32404fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa59790000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
32414fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
32424fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
32434fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32444fb4.5a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
32454fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffa84a50000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
32464fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
32474fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa84a50000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
32484fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
32494fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
32504fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32514fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa74da0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
32524fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
32534fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
32544fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32554fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa83d10000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
32564fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
32574fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
32584fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32594fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
32604fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
32614fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
32624fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32634fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32644fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32654fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32664fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32674fb4.5a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
32684fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffa83c40000 LB 0x0001f000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
32694fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
32704fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa83c40000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
32714fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
32724fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
32734fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32744fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
32754fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
32764fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
32774fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32784fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32794fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32804fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32814fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32824fb4.5a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
32834fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffa83690000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
32844fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
32854fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa83690000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
32864fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
32874fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
32884fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32894fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
32904fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
32914fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
32924fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32934fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32944fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32954fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32964fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32974fb4.5a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
32984fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffa82950000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
32994fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
33004fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa82950000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
33014fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
33024fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
33034fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
33044fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
33054fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
33064fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
33074fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33084fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33094fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33104fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33114fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33124fb4.5a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
33134fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffa82930000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
33144fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
33154fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa82930000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
33164fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
33174fb4.49b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
33184fb4.49b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
33194fb4.49b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
33204fb4.49b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
33214fb4.49b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
33224fb4.49b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
33234fb4.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33244fb4.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33254fb4.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
33264fb4.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
33274fb4.49b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
33284fb4.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33294fb4.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33304fb4.49b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33314fb4.49b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
33324fb4.49b4: supR3HardenedDllNotificationCallback: load 00007ffa8dd50000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
33334fb4.49b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
33344fb4.49b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8dd50000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
33354fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
33364fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
33374fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
33384fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
33394fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
33404fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
33414fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
33424fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
33434fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
33444fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
33454fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
33464fb4.5a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
33474fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
33484fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
33494fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
33504fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
33514fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33524fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33534fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33544fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33554fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33564fb4.5a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
33574fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffa7fbb0000 LB 0x000cc000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
33584fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
33594fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7fbb0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
33604fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
33614fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33624fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4020000 'C:\WINDOWS\system32\Iphlpapi.dll'
33634fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
33644fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
33654fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll)
33664fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
33674fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffab1ce0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
33684fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
33694fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
33704fb4.5a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll)
33714fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
33724fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffab1ca0000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
33734fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
33744fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
33754fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
33764fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
33774fb4.5a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll)
33784fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
33794fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffab1a60000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
33804fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
33814fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ef8 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
33824fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001181dc0
33834fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001181dc0
33844fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DD77C0B8420B1E0725E0BAACB8F1F2821C7C9053
33854fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
33864fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
33874fb4.5a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll
33884fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
33894fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
33904fb4.5a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
33914fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33924fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33934fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33944fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33954fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
33964fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
33974fb4.5a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll
33984fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33994fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34004fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
34014fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
34024fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1543_for_KB4088782~31bf3856ad364e35~amd64~~10.0.1.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
34034fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34044fb4.5a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
34054fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fd0 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
34064fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001181dc0
34074fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001181dc0
34084fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0462C999B5398941A444B13399F1AFCF2D9BD7ED
34094fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
34104fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
34114fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1543_for_KB4088782~31bf3856ad364e35~amd64~~10.0.1.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
34124fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34134fb4.5a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
34144fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
34154fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
34164fb4.5a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'
34174fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
34184fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
34194fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34204fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
34214fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'devobj.dll'.
34224fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
34234fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll) WinVerifyTrust
34244fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
34254fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
34264fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
34274fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
34284fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
34294fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34304fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
34314fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
34324fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\propsys.dll) WinVerifyTrust
34334fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\propsys.dll
34344fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
34354fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
34364fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
34374fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34384fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
34394fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
34404fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34414fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34424fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
34434fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
34444fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'cfgmgr32.dll'.
34454fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll) WinVerifyTrust
34464fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
34474fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
34484fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34494fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34504fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34514fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
34524fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
34534fb4.5a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
34544fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
34554fb4.5a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
34564fb4.5a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
34574fb4.5a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
34584fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffab3130000 LB 0x00028000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
34594fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
34604fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffaaf110000 LB 0x00196000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
34614fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
34624fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffaaf2c0000 LB 0x00067000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
34634fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
34644fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaaf2c0000 'C:\WINDOWS\System32\MMDevApi.dll'
34654fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001020 pwszName=\Device\HarddiskVolume4\Windows\System32\dsound.dll
34664fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001181dc0
34674fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001181dc0
34684fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BAF92974128C211D90A77B3D2A8F3BAD364910A5
34694fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
34704fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34714fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
34724fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
34734fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\dsound.dll'
34744fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34754fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34764fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'winmm.dll'.
34774fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dsound.dll) WinVerifyTrust
34784fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dsound.dll
34794fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
34804fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
34814fb4.5a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
34824fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34834fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34844fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
34854fb4.5a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
34864fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffa7af40000 LB 0x0008c000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
34874fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
34884fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
34894fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
34904fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7af40000 'C:\WINDOWS\System32\dsound.dll'
34914fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7af40000 'C:\WINDOWS\System32\dsound.dll'
34924fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
34934fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34944fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7af40000 'C:\WINDOWS\system32\dsound.dll'
34954fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
34964fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34974fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaaf2c0000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
34984fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
34994fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
35004fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
35014fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001084 pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv
35024fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001181dc0
35034fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001181dc0
35044fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=70FC7883505DC83E14C72C8984C7562A04A6C6F0
35054fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
35064fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
35074fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_935_for_KB4025342~31bf3856ad364e35~amd64~~10.0.1.13.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv'
35084fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35094fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35104fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
35114fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'ksuser.dll'.
35124fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'avrt.dll'.
35134fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv) WinVerifyTrust
35144fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
35154fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
35164fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
35174fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
35184fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
35194fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll) WinVerifyTrust
35204fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll
35214fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
35224fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
35234fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
35244fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
35254fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35264fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll) WinVerifyTrust
35274fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll
35284fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
35294fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
35304fb4.5a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
35314fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35324fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35334fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35344fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35354fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35364fb4.5a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
35374fb4.5a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
35384fb4.5a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
35394fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffa5d330000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
35404fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
35414fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffab1780000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
35424fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
35434fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffa5d340000 LB 0x00041000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
35444fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
35454fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d340000 'C:\WINDOWS\System32\wdmaud.drv'
35464fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
35474fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35484fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d340000 'C:\WINDOWS\System32\wdmaud.drv'
35494fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
35504fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35514fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d340000 'C:\WINDOWS\System32\wdmaud.drv'
35524fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
35534fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35544fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d340000 'C:\WINDOWS\System32\wdmaud.drv'
35554fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
35564fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35574fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d340000 'C:\WINDOWS\System32\wdmaud.drv'
35584fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
35594fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
35604fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
35614fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
35624fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
35634fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'mmdevapi.dll'.
35644fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'avrt.dll'.
35654fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll) WinVerifyTrust
35664fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
35674fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
35684fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
35694fb4.5a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
35704fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
35714fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
35724fb4.5a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
35734fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
35744fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
35754fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
35764fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
35774fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
35784fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
35794fb4.5a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
35804fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35814fb4.5a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
35824fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffaada90000 LB 0x00105000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
35834fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
35844fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaada90000 'C:\WINDOWS\System32\AUDIOSES.DLL'
35854fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
35864fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35874fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d340000 'C:\WINDOWS\System32\wdmaud.drv'
35884fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
35894fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35904fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d340000 'C:\WINDOWS\System32\wdmaud.drv'
35914fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d340000 'C:\WINDOWS\System32\wdmaud.drv'
35924fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fa0 pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv
35934fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001181dc0
35944fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001181dc0
35954fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=244FFD3779BB26E481FDDE1BCB7D66CB70669BE2
35964fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
35974fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
35984fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv'
35994fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
36004fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36014fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'mmdevapi.dll'.
36024fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
36034fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmmbase.dll'.
36044fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv) WinVerifyTrust
36054fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv
36064fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
36074fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
36084fb4.5a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
36094fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
36104fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
36114fb4.5a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'
36124fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
36134fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
36144fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
36154fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
36164fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36174fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll) WinVerifyTrust
36184fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll
36194fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
36204fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
36214fb4.5a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
36224fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36234fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36244fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36254fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36264fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36274fb4.5a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
36284fb4.5a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
36294fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffa5d300000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
36304fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
36314fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffa5d320000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
36324fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
36334fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d320000 'C:\WINDOWS\System32\msacm32.drv'
36344fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
36354fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36364fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d320000 'C:\WINDOWS\System32\msacm32.drv'
36374fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
36384fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36394fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d320000 'C:\WINDOWS\System32\msacm32.drv'
36404fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
36414fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36424fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d320000 'C:\WINDOWS\System32\msacm32.drv'
36434fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
36444fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36454fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d320000 'C:\WINDOWS\System32\msacm32.drv'
36464fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
36474fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36484fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d320000 'C:\WINDOWS\System32\msacm32.drv'
36494fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
36504fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36514fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d320000 'C:\WINDOWS\System32\msacm32.drv'
36524fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d320000 'C:\WINDOWS\System32\msacm32.drv'
36534fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d320000 'C:\WINDOWS\System32\msacm32.drv'
36544fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d320000 'C:\WINDOWS\System32\msacm32.drv'
36554fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010f4 pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll
36564fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001181dc0
36574fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001181dc0
36584fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B59112F98815E2A8A155F681ED15AB1991951589
36594fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
36604fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
36614fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll'
36624fb4.5a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
36634fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36644fb4.5a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
36654fb4.5a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll) WinVerifyTrust
36664fb4.5a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll
36674fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
36684fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
36694fb4.5a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
36704fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36714fb4.5a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36724fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36734fb4.5a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
36744fb4.5a8: supR3HardenedDllNotificationCallback: load 00007ffa5d2f0000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
36754fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
36764fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d2f0000 'C:\WINDOWS\System32\midimap.dll'
36774fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
36784fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36794fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d2f0000 'C:\WINDOWS\System32\midimap.dll'
36804fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
36814fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36824fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d2f0000 'C:\WINDOWS\System32\midimap.dll'
36834fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
36844fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36854fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d2f0000 'C:\WINDOWS\System32\midimap.dll'
36864fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
36874fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
36884fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
36894fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
36904fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
36914fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
36924fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
36934fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36944fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7af40000 'C:\WINDOWS\system32\dsound.dll'
36954fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
36964fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
36974fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36984fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7f480000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
36994fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
37004fb4.1e3c: '\Device\HarddiskVolume4\Windows\System32\tzres.dll' has no imports
37014fb4.1e3c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\tzres.dll)
37024fb4.1e3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\tzres.dll
37034fb4.1e3c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000bb8 (hFile=0000000000000bbc) with 0xc0000022 -> STATUS_TRUST_FAILURE
37044fb4.1e3c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
37054fb4.1e3c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000bbc (hFile=0000000000000bb8) with 0xc0000022 -> STATUS_TRUST_FAILURE
37064fb4.1e3c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bc0 pwszName=\Device\HarddiskVolume4\Windows\System32\tzres.dll
37074fb4.1e3c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001181dc0
37084fb4.1e3c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001181dc0
37094fb4.1e3c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B3F8DF254BFF7C7F7A86EE4A6921EB22661029DB
37104fb4.1e3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
37114fb4.1e3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
37124fb4.1e3c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1582_for_KB4088782~31bf3856ad364e35~amd64~~10.0.1.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\tzres.dll'
37134fb4.1e3c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
37144fb4.1e3c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\tzres.dll'
37154fb4.1e3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab3b70000 'C:\WINDOWS\system32\rsaenh.dll'
37164fb4.1e3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4c80000 'C:\WINDOWS\System32\crypt32.dll'
37174fb4.1e3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ws2_32.dll'.
37184fb4.1e3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
37194fb4.1e3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mswsock.dll) WinVerifyTrust
37204fb4.1e3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mswsock.dll
37214fb4.1e3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
37224fb4.1e3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
37234fb4.1e3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
37244fb4.1e3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
37254fb4.1e3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
37264fb4.1e3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
37274fb4.1e3c: supR3HardenedDllNotificationCallback: load 00007ffab4280000 LB 0x0005c000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
37284fb4.1e3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
37294fb4.1e3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab4280000 'C:\WINDOWS\system32\mswsock.dll'
37304fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab6250000 'C:\WINDOWS\system32\shell32.dll'
37314fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab6250000 'C:\WINDOWS\system32\shell32.dll'
37324fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab6250000 'C:\WINDOWS\system32\shell32.dll'
37334fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab6250000 'C:\WINDOWS\system32\shell32.dll'
37344fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab6250000 'C:\WINDOWS\system32\shell32.dll'
37354fb4.4f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
37364fb4.4f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
37374fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab6250000 'C:\WINDOWS\system32\shell32.dll'
37384fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
37394fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
37404fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7af40000 'C:\WINDOWS\system32\dsound.dll'
37414fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
37424fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
37434fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37444fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d340000 'C:\WINDOWS\System32\wdmaud.drv'
37454fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d340000 'C:\WINDOWS\System32\wdmaud.drv'
37464fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5d340000 'C:\WINDOWS\System32\wdmaud.drv'
37474fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37484fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37494fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37504fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37514fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37524fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37534fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37544fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37554fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37564fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37574fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37584fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
37594fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
37604fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7af40000 'C:\WINDOWS\system32\dsound.dll'
37614fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37624fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
37634fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
37644fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7af40000 'C:\WINDOWS\system32\dsound.dll'
37654fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37664fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37674fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37684fb4.5a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
37694fb4.5a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
37704fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37714fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37724fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37734fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37744fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37754fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37764fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37774fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37784fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37794fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7af40000 'C:\WINDOWS\system32\dsound.dll'
37804fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae000000 'C:\WINDOWS\System32\winmm.dll'
37814fb4.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7af40000 'C:\WINDOWS\system32\dsound.dll'
37824fb4.4f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab6250000 'C:\WINDOWS\system32\shell32.dll'
37831060.47b4: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xcfffffff (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 21936596 ms, the end);
37842aac.1a48: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xcfffffff (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 21937820 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy