VirtualBox

Ticket #18404: VBoxHardening.log

File VBoxHardening.log, 413.9 KB (added by BartHandels, 6 years ago)

VBoxHardening.log

Line 
13978.7d4: Log file opened: 6.0.4r128413 g_hStartupLog=000000000000006c g_uNtVerCombined=0xa03fab00
23978.7d4: \SystemRoot\System32\ntdll.dll:
33978.7d4: CreationTime: 2018-12-06T10:34:30.695793800Z
43978.7d4: LastWriteTime: 2018-10-30T05:58:01.615798800Z
53978.7d4: ChangeTime: 2019-01-02T20:13:08.130541800Z
63978.7d4: FileAttributes: 0x20
73978.7d4: Size: 0x1dd0a8
83978.7d4: NT Headers: 0xe0
93978.7d4: Timestamp: 0x11105c69
103978.7d4: Machine: 0x8664 - amd64
113978.7d4: Timestamp: 0x11105c69
123978.7d4: Image Version: 10.0
133978.7d4: SizeOfImage: 0x1e0000 (1966080)
143978.7d4: Resource Dir: 0x174000 LB 0x6a288
153978.7d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
163978.7d4: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
173978.7d4: ProductName: Microsoft® Windows® Operating System
183978.7d4: ProductVersion: 10.0.16299.785
193978.7d4: FileVersion: 10.0.16299.785 (WinBuild.160101.0800)
203978.7d4: FileDescription: NT Layer DLL
213978.7d4: \SystemRoot\System32\kernel32.dll:
223978.7d4: CreationTime: 2018-05-22T06:53:40.510802600Z
233978.7d4: LastWriteTime: 2018-05-03T07:43:30.892187700Z
243978.7d4: ChangeTime: 2019-01-02T20:13:08.083663300Z
253978.7d4: FileAttributes: 0x20
263978.7d4: Size: 0xab868
273978.7d4: NT Headers: 0xe8
283978.7d4: Timestamp: 0x309fae94
293978.7d4: Machine: 0x8664 - amd64
303978.7d4: Timestamp: 0x309fae94
313978.7d4: Image Version: 10.0
323978.7d4: SizeOfImage: 0xae000 (712704)
333978.7d4: Resource Dir: 0xac000 LB 0x520
343978.7d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
353978.7d4: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
363978.7d4: ProductName: Microsoft® Windows® Operating System
373978.7d4: ProductVersion: 10.0.16299.431
383978.7d4: FileVersion: 10.0.16299.431 (WinBuild.160101.0800)
393978.7d4: FileDescription: Windows NT BASE API Client DLL
403978.7d4: \SystemRoot\System32\KernelBase.dll:
413978.7d4: CreationTime: 2019-01-02T20:08:00.869445000Z
423978.7d4: LastWriteTime: 2018-11-07T06:32:01.845036500Z
433978.7d4: ChangeTime: 2019-01-02T22:34:17.007487800Z
443978.7d4: FileAttributes: 0x20
453978.7d4: Size: 0x266270
463978.7d4: NT Headers: 0xf0
473978.7d4: Timestamp: 0xe0e03037
483978.7d4: Machine: 0x8664 - amd64
493978.7d4: Timestamp: 0xe0e03037
503978.7d4: Image Version: 10.0
513978.7d4: SizeOfImage: 0x266000 (2514944)
523978.7d4: Resource Dir: 0x245000 LB 0x548
533978.7d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
543978.7d4: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
553978.7d4: ProductName: Microsoft® Windows® Operating System
563978.7d4: ProductVersion: 10.0.16299.820
573978.7d4: FileVersion: 10.0.16299.820 (WinBuild.160101.0800)
583978.7d4: FileDescription: Windows NT BASE API Client DLL
593978.7d4: \SystemRoot\System32\apisetschema.dll:
603978.7d4: CreationTime: 2018-09-24T13:43:17.385738500Z
613978.7d4: LastWriteTime: 2018-07-18T03:26:42.333897700Z
623978.7d4: ChangeTime: 2019-01-02T20:13:08.161796500Z
633978.7d4: FileAttributes: 0x20
643978.7d4: Size: 0x1b3b8
653978.7d4: NT Headers: 0xc8
663978.7d4: Timestamp: 0x35fd1902
673978.7d4: Machine: 0x8664 - amd64
683978.7d4: Timestamp: 0x35fd1902
693978.7d4: Image Version: 10.0
703978.7d4: SizeOfImage: 0x1c000 (114688)
713978.7d4: Resource Dir: 0x1b000 LB 0x408
723978.7d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
733978.7d4: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
743978.7d4: ProductName: Microsoft® Windows® Operating System
753978.7d4: ProductVersion: 10.0.16299.579
763978.7d4: FileVersion: 10.0.16299.579 (WinBuild.160101.0800)
773978.7d4: FileDescription: ApiSet Schema DLL
783978.7d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
793978.7d4: supR3HardenedWinFindAdversaries: 0x20
803978.7d4: \SystemRoot\System32\drivers\mfeavfk.sys:
813978.7d4: CreationTime: 2018-03-29T18:34:07.855862500Z
823978.7d4: LastWriteTime: 2018-09-24T11:09:10.410825700Z
833978.7d4: ChangeTime: 2018-09-24T11:09:10.410825700Z
843978.7d4: FileAttributes: 0x20
853978.7d4: Size: 0x57fa0
863978.7d4: NT Headers: 0xe8
873978.7d4: Timestamp: 0x5aa81554
883978.7d4: Machine: 0x8664 - amd64
893978.7d4: Timestamp: 0x5aa81554
903978.7d4: Image Version: 0.0
913978.7d4: SizeOfImage: 0x58000 (360448)
923978.7d4: Resource Dir: 0x56000 LB 0x758
933978.7d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
943978.7d4: [Raw version resource data: 0x56110 LB 0x334, codepage 0x0 (reserved 0x0)]
953978.7d4: ProductName: SYSCORE
963978.7d4: ProductVersion: 15.8.0.412
973978.7d4: FileVersion: SYSCORE.15.8.0.412
983978.7d4: PrivateBuild: SYSCORE.15.8.0.412 F15,F16,F19
993978.7d4: FileDescription: Anti-Virus File System Filter Driver
1003978.7d4: \SystemRoot\System32\drivers\mfefirek.sys:
1013978.7d4: CreationTime: 2018-03-29T18:34:07.871489000Z
1023978.7d4: LastWriteTime: 2018-09-24T11:09:10.538195300Z
1033978.7d4: ChangeTime: 2018-09-24T11:09:10.538195300Z
1043978.7d4: FileAttributes: 0x20
1053978.7d4: Size: 0x817a0
1063978.7d4: NT Headers: 0xf0
1073978.7d4: Timestamp: 0x5aa815fd
1083978.7d4: Machine: 0x8664 - amd64
1093978.7d4: Timestamp: 0x5aa815fd
1103978.7d4: Image Version: 0.0
1113978.7d4: SizeOfImage: 0x84000 (540672)
1123978.7d4: Resource Dir: 0x80000 LB 0x388
1133978.7d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1143978.7d4: [Raw version resource data: 0x80060 LB 0x328, codepage 0x0 (reserved 0x0)]
1153978.7d4: ProductName: SYSCORE
1163978.7d4: ProductVersion: 15.8.0.412
1173978.7d4: FileVersion: SYSCORE.15.8.0.412
1183978.7d4: PrivateBuild: SYSCORE.15.8.0.412 F17,F18
1193978.7d4: FileDescription: McAfee Core Firewall Engine Driver
1203978.7d4: \SystemRoot\System32\drivers\mfehidk.sys:
1213978.7d4: CreationTime: 2017-07-06T23:47:30.915735200Z
1223978.7d4: LastWriteTime: 2018-09-24T11:09:10.303038900Z
1233978.7d4: ChangeTime: 2018-09-24T11:09:10.303038900Z
1243978.7d4: FileAttributes: 0x20
1253978.7d4: Size: 0xe8ba0
1263978.7d4: NT Headers: 0x100
1273978.7d4: Timestamp: 0x5aa814e0
1283978.7d4: Machine: 0x8664 - amd64
1293978.7d4: Timestamp: 0x5aa814e0
1303978.7d4: Image Version: 0.0
1313978.7d4: SizeOfImage: 0xf3000 (995328)
1323978.7d4: Resource Dir: 0xef000 LB 0x758
1333978.7d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1343978.7d4: [Raw version resource data: 0xef110 LB 0x320, codepage 0x0 (reserved 0x0)]
1353978.7d4: ProductName: SYSCORE
1363978.7d4: ProductVersion: 15.8.0.412
1373978.7d4: FileVersion: SYSCORE.15.8.0.412
1383978.7d4: PrivateBuild: SYSCORE.15.8.0.412 F14,F15,F16,F18,F20
1393978.7d4: FileDescription: McAfee Link Driver
1403978.7d4: \SystemRoot\System32\drivers\mfewfpk.sys:
1413978.7d4: CreationTime: 2017-07-06T23:49:46.728458100Z
1423978.7d4: LastWriteTime: 2018-09-24T11:09:10.334622700Z
1433978.7d4: ChangeTime: 2018-09-24T11:09:10.334622700Z
1443978.7d4: FileAttributes: 0x20
1453978.7d4: Size: 0x3dba0
1463978.7d4: NT Headers: 0x100
1473978.7d4: Timestamp: 0x5aa814fd
1483978.7d4: Machine: 0x8664 - amd64
1493978.7d4: Timestamp: 0x5aa814fd
1503978.7d4: Image Version: 0.0
1513978.7d4: SizeOfImage: 0x59000 (364544)
1523978.7d4: Resource Dir: 0x57000 LB 0x380
1533978.7d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1543978.7d4: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
1553978.7d4: ProductName: SYSCORE
1563978.7d4: ProductVersion: 15.8.0.412
1573978.7d4: FileVersion: SYSCORE.15.8.0.412
1583978.7d4: PrivateBuild: SYSCORE.15.8.0.412 F17,F18
1593978.7d4: FileDescription: Anti-Virus Mini-Firewall Driver
1603978.7d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1613978.7d4: Calling main()
1623978.7d4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
1633978.7d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1643978.7d4: SUPR3HardenedMain: Respawn #1
1653978.7d4: System32: \Device\HarddiskVolume4\Windows\System32
1663978.7d4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
1673978.7d4: KnownDllPath: C:\WINDOWS\System32
1683978.7d4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1693978.7d4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1703978.7d4: supR3HardNtEnableThreadCreation:
1713978.7d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb7d478e00 pvNtTerminateThread=00007ffb7d4a0b20
1723978.7d4: supR3HardenedWinDoReSpawn(1): New child 2f28.26d8 [kernel32].
1733978.7d4: supR3HardNtChildGatherData: PebBaseAddress=0000000000358000 cbPeb=0x388
1743978.7d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb7d400000 uNtDllChildAddr=00007ffb7d400000
1753978.7d4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb7d478e00
1763978.7d4: supR3HardenedWinSetupChildInit: Start child.
1773978.7d4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
1783978.7d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 517 ms, 31 sleeps
1793978.7d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1803978.7d4: *0000000000000000-00000000001dffff 0x0001/0x0000 0x0000000
1813978.7d4: *00000000001e0000-00000000001fffff 0x0004/0x0004 0x0020000
1823978.7d4: *0000000000200000-0000000000357fff 0x0000/0x0004 0x0020000
1833978.7d4: 0000000000358000-000000000035afff 0x0004/0x0004 0x0020000
1843978.7d4: 000000000035b000-00000000003fffff 0x0000/0x0004 0x0020000
1853978.7d4: *0000000000400000-0000000000418fff 0x0002/0x0002 0x0040000
1863978.7d4: 0000000000419000-000000000041ffff 0x0001/0x0000 0x0000000
1873978.7d4: *0000000000420000-000000000051afff 0x0000/0x0004 0x0020000
1883978.7d4: 000000000051b000-000000000051dfff 0x0104/0x0004 0x0020000
1893978.7d4: 000000000051e000-000000000051ffff 0x0004/0x0004 0x0020000
1903978.7d4: *0000000000520000-0000000000523fff 0x0002/0x0002 0x0040000
1913978.7d4: 0000000000524000-000000000052ffff 0x0001/0x0000 0x0000000
1923978.7d4: *0000000000530000-0000000000530fff 0x0004/0x0004 0x0020000
1933978.7d4: 0000000000531000-000000007ffdffff 0x0001/0x0000 0x0000000
1943978.7d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1953978.7d4: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
1963978.7d4: 000000007fff0000-00007ff7d4adffff 0x0001/0x0000 0x0000000
1973978.7d4: *00007ff7d4ae0000-00007ff7d4b02fff 0x0002/0x0002 0x0040000
1983978.7d4: 00007ff7d4b03000-00007ff7d572ffff 0x0001/0x0000 0x0000000
1993978.7d4: *00007ff7d5730000-00007ff7d5730fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2003978.7d4: 00007ff7d5731000-00007ff7d57a3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2013978.7d4: 00007ff7d57a4000-00007ff7d57a4fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2023978.7d4: 00007ff7d57a5000-00007ff7d57ebfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2033978.7d4: 00007ff7d57ec000-00007ff7d57ecfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2043978.7d4: 00007ff7d57ed000-00007ff7d57edfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2053978.7d4: 00007ff7d57ee000-00007ff7d57f2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2063978.7d4: 00007ff7d57f3000-00007ff7d57f3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2073978.7d4: 00007ff7d57f4000-00007ff7d57f4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2083978.7d4: 00007ff7d57f5000-00007ff7d57f8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2093978.7d4: 00007ff7d57f9000-00007ff7d5841fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2103978.7d4: 00007ff7d5842000-00007ffb7d3fffff 0x0001/0x0000 0x0000000
2113978.7d4: *00007ffb7d400000-00007ffb7d400fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2123978.7d4: 00007ffb7d401000-00007ffb7d512fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2133978.7d4: 00007ffb7d513000-00007ffb7d558fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2143978.7d4: 00007ffb7d559000-00007ffb7d560fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2153978.7d4: 00007ffb7d561000-00007ffb7d56efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2163978.7d4: 00007ffb7d56f000-00007ffb7d56ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2173978.7d4: 00007ffb7d570000-00007ffb7d572fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2183978.7d4: 00007ffb7d573000-00007ffb7d5dffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2193978.7d4: 00007ffb7d5e0000-00007ffffffdffff 0x0001/0x0000 0x0000000
2203978.7d4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
2213978.7d4: VirtualBoxVM.exe: timestamp 0x5c4b51f3 (rc=VINF_SUCCESS)
2223978.7d4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2233978.7d4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
2243978.7d4: supR3HardNtChildPurify: Done after 620 ms and 0 fixes (loop #0).
2252f28.26d8: Log file opened: 6.0.4r128413 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
2262f28.26d8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb7d400000 g_uNtVerCombined=0xa03fab00
2273978.7d4: supR3HardNtEnableThreadCreation:
2282f28.26d8: ntdll.dll: timestamp 0x11105c69 (rc=VINF_SUCCESS)
2292f28.26d8: New simple heap: #1 0000000000640000 LB 0x400000 (for 1966080 allocation)
2302f28.26d8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2312f28.26d8: System32: \Device\HarddiskVolume4\Windows\System32
2322f28.26d8: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
2332f28.26d8: KnownDllPath: C:\WINDOWS\System32
2342f28.26d8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2352f28.26d8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2362f28.26d8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2372f28.26d8: Registered Dll notification callback with NTDLL.
2382f28.26d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
2392f28.26d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
2402f28.26d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
2412f28.26d8: supR3HardenedDllNotificationCallback: load 00007ffb79be0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
2422f28.26d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
2432f28.26d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
2442f28.26d8: supR3HardenedDllNotificationCallback: load 00007ffb7cb60000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
2452f28.26d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2462f28.26d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7cb60000 'C:\WINDOWS\System32\KERNEL32.DLL'
2472f28.26d8: supR3HardenedDllNotificationCallback: load 00007ff7d5730000 LB 0x00112000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
2482f28.26d8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2492f28.26d8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
2502f28.26d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2512f28.26d8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb7d478e00 pvNtTerminateThread=00007ffb7d4a0b20
2523978.7d4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 156 ms.
2532f28.26d8: \SystemRoot\System32\ntdll.dll:
2542f28.26d8: CreationTime: 2018-12-06T10:34:30.695793800Z
2552f28.26d8: LastWriteTime: 2018-10-30T05:58:01.615798800Z
2562f28.26d8: ChangeTime: 2019-01-02T20:13:08.130541800Z
2572f28.26d8: FileAttributes: 0x20
2582f28.26d8: Size: 0x1dd0a8
2592f28.26d8: NT Headers: 0xe0
2602f28.26d8: Timestamp: 0x11105c69
2612f28.26d8: Machine: 0x8664 - amd64
2622f28.26d8: Timestamp: 0x11105c69
2632f28.26d8: Image Version: 10.0
2642f28.26d8: SizeOfImage: 0x1e0000 (1966080)
2652f28.26d8: Resource Dir: 0x174000 LB 0x6a288
2662f28.26d8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2672f28.26d8: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
2682f28.26d8: ProductName: Microsoft® Windows® Operating System
2692f28.26d8: ProductVersion: 10.0.16299.785
2702f28.26d8: FileVersion: 10.0.16299.785 (WinBuild.160101.0800)
2712f28.26d8: FileDescription: NT Layer DLL
2722f28.26d8: \SystemRoot\System32\kernel32.dll:
2732f28.26d8: CreationTime: 2018-05-22T06:53:40.510802600Z
2742f28.26d8: LastWriteTime: 2018-05-03T07:43:30.892187700Z
2752f28.26d8: ChangeTime: 2019-01-02T20:13:08.083663300Z
2762f28.26d8: FileAttributes: 0x20
2772f28.26d8: Size: 0xab868
2782f28.26d8: NT Headers: 0xe8
2792f28.26d8: Timestamp: 0x309fae94
2802f28.26d8: Machine: 0x8664 - amd64
2812f28.26d8: Timestamp: 0x309fae94
2822f28.26d8: Image Version: 10.0
2832f28.26d8: SizeOfImage: 0xae000 (712704)
2842f28.26d8: Resource Dir: 0xac000 LB 0x520
2852f28.26d8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2862f28.26d8: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2872f28.26d8: ProductName: Microsoft® Windows® Operating System
2882f28.26d8: ProductVersion: 10.0.16299.431
2892f28.26d8: FileVersion: 10.0.16299.431 (WinBuild.160101.0800)
2902f28.26d8: FileDescription: Windows NT BASE API Client DLL
2912f28.26d8: \SystemRoot\System32\KernelBase.dll:
2922f28.26d8: CreationTime: 2019-01-02T20:08:00.869445000Z
2932f28.26d8: LastWriteTime: 2018-11-07T06:32:01.845036500Z
2942f28.26d8: ChangeTime: 2019-01-02T22:34:17.007487800Z
2952f28.26d8: FileAttributes: 0x20
2962f28.26d8: Size: 0x266270
2972f28.26d8: NT Headers: 0xf0
2982f28.26d8: Timestamp: 0xe0e03037
2992f28.26d8: Machine: 0x8664 - amd64
3002f28.26d8: Timestamp: 0xe0e03037
3012f28.26d8: Image Version: 10.0
3022f28.26d8: SizeOfImage: 0x266000 (2514944)
3032f28.26d8: Resource Dir: 0x245000 LB 0x548
3042f28.26d8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3052f28.26d8: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
3062f28.26d8: ProductName: Microsoft® Windows® Operating System
3072f28.26d8: ProductVersion: 10.0.16299.820
3082f28.26d8: FileVersion: 10.0.16299.820 (WinBuild.160101.0800)
3092f28.26d8: FileDescription: Windows NT BASE API Client DLL
3102f28.26d8: \SystemRoot\System32\apisetschema.dll:
3112f28.26d8: CreationTime: 2018-09-24T13:43:17.385738500Z
3122f28.26d8: LastWriteTime: 2018-07-18T03:26:42.333897700Z
3132f28.26d8: ChangeTime: 2019-01-02T20:13:08.161796500Z
3142f28.26d8: FileAttributes: 0x20
3152f28.26d8: Size: 0x1b3b8
3162f28.26d8: NT Headers: 0xc8
3172f28.26d8: Timestamp: 0x35fd1902
3182f28.26d8: Machine: 0x8664 - amd64
3192f28.26d8: Timestamp: 0x35fd1902
3202f28.26d8: Image Version: 10.0
3212f28.26d8: SizeOfImage: 0x1c000 (114688)
3222f28.26d8: Resource Dir: 0x1b000 LB 0x408
3232f28.26d8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3242f28.26d8: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
3252f28.26d8: ProductName: Microsoft® Windows® Operating System
3262f28.26d8: ProductVersion: 10.0.16299.579
3272f28.26d8: FileVersion: 10.0.16299.579 (WinBuild.160101.0800)
3282f28.26d8: FileDescription: ApiSet Schema DLL
3292f28.26d8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3302f28.26d8: supR3HardenedWinFindAdversaries: 0x20
3312f28.26d8: \SystemRoot\System32\drivers\mfeavfk.sys:
3322f28.26d8: CreationTime: 2018-03-29T18:34:07.855862500Z
3332f28.26d8: LastWriteTime: 2018-09-24T11:09:10.410825700Z
3342f28.26d8: ChangeTime: 2018-09-24T11:09:10.410825700Z
3352f28.26d8: FileAttributes: 0x20
3362f28.26d8: Size: 0x57fa0
3372f28.26d8: NT Headers: 0xe8
3382f28.26d8: Timestamp: 0x5aa81554
3392f28.26d8: Machine: 0x8664 - amd64
3402f28.26d8: Timestamp: 0x5aa81554
3412f28.26d8: Image Version: 0.0
3422f28.26d8: SizeOfImage: 0x58000 (360448)
3432f28.26d8: Resource Dir: 0x56000 LB 0x758
3442f28.26d8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3452f28.26d8: [Raw version resource data: 0x56110 LB 0x334, codepage 0x0 (reserved 0x0)]
3462f28.26d8: ProductName: SYSCORE
3472f28.26d8: ProductVersion: 15.8.0.412
3482f28.26d8: FileVersion: SYSCORE.15.8.0.412
3492f28.26d8: PrivateBuild: SYSCORE.15.8.0.412 F15,F16,F19
3502f28.26d8: FileDescription: Anti-Virus File System Filter Driver
3512f28.26d8: \SystemRoot\System32\drivers\mfefirek.sys:
3522f28.26d8: CreationTime: 2018-03-29T18:34:07.871489000Z
3532f28.26d8: LastWriteTime: 2018-09-24T11:09:10.538195300Z
3542f28.26d8: ChangeTime: 2018-09-24T11:09:10.538195300Z
3552f28.26d8: FileAttributes: 0x20
3562f28.26d8: Size: 0x817a0
3572f28.26d8: NT Headers: 0xf0
3582f28.26d8: Timestamp: 0x5aa815fd
3592f28.26d8: Machine: 0x8664 - amd64
3602f28.26d8: Timestamp: 0x5aa815fd
3612f28.26d8: Image Version: 0.0
3622f28.26d8: SizeOfImage: 0x84000 (540672)
3632f28.26d8: Resource Dir: 0x80000 LB 0x388
3642f28.26d8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3652f28.26d8: [Raw version resource data: 0x80060 LB 0x328, codepage 0x0 (reserved 0x0)]
3662f28.26d8: ProductName: SYSCORE
3672f28.26d8: ProductVersion: 15.8.0.412
3682f28.26d8: FileVersion: SYSCORE.15.8.0.412
3692f28.26d8: PrivateBuild: SYSCORE.15.8.0.412 F17,F18
3702f28.26d8: FileDescription: McAfee Core Firewall Engine Driver
3712f28.26d8: \SystemRoot\System32\drivers\mfehidk.sys:
3722f28.26d8: CreationTime: 2017-07-06T23:47:30.915735200Z
3732f28.26d8: LastWriteTime: 2018-09-24T11:09:10.303038900Z
3742f28.26d8: ChangeTime: 2018-09-24T11:09:10.303038900Z
3752f28.26d8: FileAttributes: 0x20
3762f28.26d8: Size: 0xe8ba0
3772f28.26d8: NT Headers: 0x100
3782f28.26d8: Timestamp: 0x5aa814e0
3792f28.26d8: Machine: 0x8664 - amd64
3802f28.26d8: Timestamp: 0x5aa814e0
3812f28.26d8: Image Version: 0.0
3822f28.26d8: SizeOfImage: 0xf3000 (995328)
3832f28.26d8: Resource Dir: 0xef000 LB 0x758
3842f28.26d8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3852f28.26d8: [Raw version resource data: 0xef110 LB 0x320, codepage 0x0 (reserved 0x0)]
3862f28.26d8: ProductName: SYSCORE
3872f28.26d8: ProductVersion: 15.8.0.412
3882f28.26d8: FileVersion: SYSCORE.15.8.0.412
3892f28.26d8: PrivateBuild: SYSCORE.15.8.0.412 F14,F15,F16,F18,F20
3902f28.26d8: FileDescription: McAfee Link Driver
3912f28.26d8: \SystemRoot\System32\drivers\mfewfpk.sys:
3922f28.26d8: CreationTime: 2017-07-06T23:49:46.728458100Z
3932f28.26d8: LastWriteTime: 2018-09-24T11:09:10.334622700Z
3942f28.26d8: ChangeTime: 2018-09-24T11:09:10.334622700Z
3952f28.26d8: FileAttributes: 0x20
3962f28.26d8: Size: 0x3dba0
3972f28.26d8: NT Headers: 0x100
3982f28.26d8: Timestamp: 0x5aa814fd
3992f28.26d8: Machine: 0x8664 - amd64
4002f28.26d8: Timestamp: 0x5aa814fd
4012f28.26d8: Image Version: 0.0
4022f28.26d8: SizeOfImage: 0x59000 (364544)
4032f28.26d8: Resource Dir: 0x57000 LB 0x380
4042f28.26d8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4052f28.26d8: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
4062f28.26d8: ProductName: SYSCORE
4072f28.26d8: ProductVersion: 15.8.0.412
4082f28.26d8: FileVersion: SYSCORE.15.8.0.412
4092f28.26d8: PrivateBuild: SYSCORE.15.8.0.412 F17,F18
4102f28.26d8: FileDescription: Anti-Virus Mini-Firewall Driver
4112f28.26d8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4122f28.26d8: Calling main()
4132f28.26d8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
4142f28.26d8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4152f28.26d8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4162f28.26d8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
4172f28.26d8: SUPR3HardenedMain: Respawn #2
4182f28.26d8: supR3HardNtEnableThreadCreation:
4192f28.26d8: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
4202f28.26d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
4212f28.26d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4222f28.26d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4232f28.26d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7d400000 'C:\WINDOWS\System32\ntdll.dll'
4242f28.26d8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb7d478e00 pvNtTerminateThread=00007ffb7d4a0b20
4252f28.26d8: supR3HardenedWinDoReSpawn(2): New child 1a04.3a64 [kernel32].
4262f28.26d8: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
4272f28.26d8: supR3HardNtChildGatherData: PebBaseAddress=0000000000341000 cbPeb=0x388
4282f28.26d8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb7d400000 uNtDllChildAddr=00007ffb7d400000
4292f28.26d8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb7d478e00
4302f28.26d8: supR3HardenedWinSetupChildInit: Start child.
4312f28.26d8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
4322f28.26d8: supR3HardNtChildPurify: Startup delay kludge #1/0: 524 ms, 29 sleeps
4332f28.26d8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
4342f28.26d8: *0000000000000000-000000000007ffff 0x0001/0x0000 0x0000000
4352f28.26d8: *0000000000080000-000000000009ffff 0x0004/0x0004 0x0020000
4362f28.26d8: *00000000000a0000-00000000000b8fff 0x0002/0x0002 0x0040000
4372f28.26d8: 00000000000b9000-00000000000bffff 0x0001/0x0000 0x0000000
4382f28.26d8: *00000000000c0000-00000000001bafff 0x0000/0x0004 0x0020000
4392f28.26d8: 00000000001bb000-00000000001bdfff 0x0104/0x0004 0x0020000
4402f28.26d8: 00000000001be000-00000000001bffff 0x0004/0x0004 0x0020000
4412f28.26d8: *00000000001c0000-00000000001c3fff 0x0002/0x0002 0x0040000
4422f28.26d8: 00000000001c4000-00000000001cffff 0x0001/0x0000 0x0000000
4432f28.26d8: *00000000001d0000-00000000001d0fff 0x0004/0x0004 0x0020000
4442f28.26d8: 00000000001d1000-00000000001fffff 0x0001/0x0000 0x0000000
4452f28.26d8: *0000000000200000-0000000000340fff 0x0000/0x0004 0x0020000
4462f28.26d8: 0000000000341000-0000000000343fff 0x0004/0x0004 0x0020000
4472f28.26d8: 0000000000344000-00000000003fffff 0x0000/0x0004 0x0020000
4482f28.26d8: 0000000000400000-000000007ffdffff 0x0001/0x0000 0x0000000
4492f28.26d8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
4502f28.26d8: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
4512f28.26d8: 000000007fff0000-00007ff7d558ffff 0x0001/0x0000 0x0000000
4522f28.26d8: *00007ff7d5590000-00007ff7d55b2fff 0x0002/0x0002 0x0040000
4532f28.26d8: 00007ff7d55b3000-00007ff7d572ffff 0x0001/0x0000 0x0000000
4542f28.26d8: *00007ff7d5730000-00007ff7d5730fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4552f28.26d8: 00007ff7d5731000-00007ff7d57a3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4562f28.26d8: 00007ff7d57a4000-00007ff7d57a4fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4572f28.26d8: 00007ff7d57a5000-00007ff7d57ebfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4582f28.26d8: 00007ff7d57ec000-00007ff7d57ecfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4592f28.26d8: 00007ff7d57ed000-00007ff7d57edfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4602f28.26d8: 00007ff7d57ee000-00007ff7d57f2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4612f28.26d8: 00007ff7d57f3000-00007ff7d57f3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4622f28.26d8: 00007ff7d57f4000-00007ff7d57f4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4632f28.26d8: 00007ff7d57f5000-00007ff7d57f8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4642f28.26d8: 00007ff7d57f9000-00007ff7d5841fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4652f28.26d8: 00007ff7d5842000-00007ffb7d3fffff 0x0001/0x0000 0x0000000
4662f28.26d8: *00007ffb7d400000-00007ffb7d400fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4672f28.26d8: 00007ffb7d401000-00007ffb7d512fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4682f28.26d8: 00007ffb7d513000-00007ffb7d558fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4692f28.26d8: 00007ffb7d559000-00007ffb7d560fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4702f28.26d8: 00007ffb7d561000-00007ffb7d56efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4712f28.26d8: 00007ffb7d56f000-00007ffb7d56ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4722f28.26d8: 00007ffb7d570000-00007ffb7d572fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4732f28.26d8: 00007ffb7d573000-00007ffb7d5dffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4742f28.26d8: 00007ffb7d5e0000-00007ffffffdffff 0x0001/0x0000 0x0000000
4752f28.26d8: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
4762f28.26d8: VirtualBoxVM.exe: timestamp 0x5c4b51f3 (rc=VINF_SUCCESS)
4772f28.26d8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4782f28.26d8: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
4792f28.26d8: supR3HardNtChildPurify: Done after 596 ms and 0 fixes (loop #0).
4802f28.26d8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000640000 LB 0x400000)
4811a04.3a64: Log file opened: 6.0.4r128413 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
4822f28.26d8: supR3HardNtEnableThreadCreation:
4831a04.3a64: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb7d400000 g_uNtVerCombined=0xa03fab00
4841a04.3a64: ntdll.dll: timestamp 0x11105c69 (rc=VINF_SUCCESS)
4851a04.3a64: New simple heap: #1 0000000000500000 LB 0x400000 (for 1966080 allocation)
4861a04.3a64: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4871a04.3a64: System32: \Device\HarddiskVolume4\Windows\System32
4881a04.3a64: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
4891a04.3a64: KnownDllPath: C:\WINDOWS\System32
4901a04.3a64: supR3HardenedVmProcessInit: Opening vboxdrv...
4911a04.3a64: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
4921a04.3a64: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
4931a04.3a64: Registered Dll notification callback with NTDLL.
4941a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
4951a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
4961a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
4971a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb79be0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
4981a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
4991a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
5001a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7cb60000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
5011a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5021a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7cb60000 'C:\WINDOWS\System32\KERNEL32.DLL'
5031a04.3a64: supR3HardenedDllNotificationCallback: load 00007ff7d5730000 LB 0x00112000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
5041a04.3a64: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
5051a04.3a64: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
5061a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5071a04.3a64: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb7d478e00 pvNtTerminateThread=00007ffb7d4a0b20
5082f28.26d8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 190 ms.
5091a04.3a64: \SystemRoot\System32\ntdll.dll:
5101a04.3a64: CreationTime: 2018-12-06T10:34:30.695793800Z
5111a04.3a64: LastWriteTime: 2018-10-30T05:58:01.615798800Z
5121a04.3a64: ChangeTime: 2019-01-02T20:13:08.130541800Z
5131a04.3a64: FileAttributes: 0x20
5141a04.3a64: Size: 0x1dd0a8
5151a04.3a64: NT Headers: 0xe0
5161a04.3a64: Timestamp: 0x11105c69
5171a04.3a64: Machine: 0x8664 - amd64
5181a04.3a64: Timestamp: 0x11105c69
5191a04.3a64: Image Version: 10.0
5201a04.3a64: SizeOfImage: 0x1e0000 (1966080)
5211a04.3a64: Resource Dir: 0x174000 LB 0x6a288
5221a04.3a64: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
5231a04.3a64: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
5241a04.3a64: ProductName: Microsoft® Windows® Operating System
5251a04.3a64: ProductVersion: 10.0.16299.785
5261a04.3a64: FileVersion: 10.0.16299.785 (WinBuild.160101.0800)
5271a04.3a64: FileDescription: NT Layer DLL
5281a04.3a64: \SystemRoot\System32\kernel32.dll:
5291a04.3a64: CreationTime: 2018-05-22T06:53:40.510802600Z
5301a04.3a64: LastWriteTime: 2018-05-03T07:43:30.892187700Z
5311a04.3a64: ChangeTime: 2019-01-02T20:13:08.083663300Z
5321a04.3a64: FileAttributes: 0x20
5331a04.3a64: Size: 0xab868
5341a04.3a64: NT Headers: 0xe8
5351a04.3a64: Timestamp: 0x309fae94
5361a04.3a64: Machine: 0x8664 - amd64
5371a04.3a64: Timestamp: 0x309fae94
5381a04.3a64: Image Version: 10.0
5391a04.3a64: SizeOfImage: 0xae000 (712704)
5401a04.3a64: Resource Dir: 0xac000 LB 0x520
5411a04.3a64: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5421a04.3a64: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
5431a04.3a64: ProductName: Microsoft® Windows® Operating System
5441a04.3a64: ProductVersion: 10.0.16299.431
5451a04.3a64: FileVersion: 10.0.16299.431 (WinBuild.160101.0800)
5461a04.3a64: FileDescription: Windows NT BASE API Client DLL
5471a04.3a64: \SystemRoot\System32\KernelBase.dll:
5481a04.3a64: CreationTime: 2019-01-02T20:08:00.869445000Z
5491a04.3a64: LastWriteTime: 2018-11-07T06:32:01.845036500Z
5501a04.3a64: ChangeTime: 2019-01-02T22:34:17.007487800Z
5511a04.3a64: FileAttributes: 0x20
5521a04.3a64: Size: 0x266270
5531a04.3a64: NT Headers: 0xf0
5541a04.3a64: Timestamp: 0xe0e03037
5551a04.3a64: Machine: 0x8664 - amd64
5561a04.3a64: Timestamp: 0xe0e03037
5571a04.3a64: Image Version: 10.0
5581a04.3a64: SizeOfImage: 0x266000 (2514944)
5591a04.3a64: Resource Dir: 0x245000 LB 0x548
5601a04.3a64: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5611a04.3a64: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5621a04.3a64: ProductName: Microsoft® Windows® Operating System
5631a04.3a64: ProductVersion: 10.0.16299.820
5641a04.3a64: FileVersion: 10.0.16299.820 (WinBuild.160101.0800)
5651a04.3a64: FileDescription: Windows NT BASE API Client DLL
5661a04.3a64: \SystemRoot\System32\apisetschema.dll:
5671a04.3a64: CreationTime: 2018-09-24T13:43:17.385738500Z
5681a04.3a64: LastWriteTime: 2018-07-18T03:26:42.333897700Z
5691a04.3a64: ChangeTime: 2019-01-02T20:13:08.161796500Z
5701a04.3a64: FileAttributes: 0x20
5711a04.3a64: Size: 0x1b3b8
5721a04.3a64: NT Headers: 0xc8
5731a04.3a64: Timestamp: 0x35fd1902
5741a04.3a64: Machine: 0x8664 - amd64
5751a04.3a64: Timestamp: 0x35fd1902
5761a04.3a64: Image Version: 10.0
5771a04.3a64: SizeOfImage: 0x1c000 (114688)
5781a04.3a64: Resource Dir: 0x1b000 LB 0x408
5791a04.3a64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5801a04.3a64: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
5811a04.3a64: ProductName: Microsoft® Windows® Operating System
5821a04.3a64: ProductVersion: 10.0.16299.579
5831a04.3a64: FileVersion: 10.0.16299.579 (WinBuild.160101.0800)
5841a04.3a64: FileDescription: ApiSet Schema DLL
5851a04.3a64: NtOpenDirectoryObject failed on \Driver: 0xc0000022
5861a04.3a64: supR3HardenedWinFindAdversaries: 0x20
5871a04.3a64: \SystemRoot\System32\drivers\mfeavfk.sys:
5881a04.3a64: CreationTime: 2018-03-29T18:34:07.855862500Z
5891a04.3a64: LastWriteTime: 2018-09-24T11:09:10.410825700Z
5901a04.3a64: ChangeTime: 2018-09-24T11:09:10.410825700Z
5911a04.3a64: FileAttributes: 0x20
5921a04.3a64: Size: 0x57fa0
5931a04.3a64: NT Headers: 0xe8
5941a04.3a64: Timestamp: 0x5aa81554
5951a04.3a64: Machine: 0x8664 - amd64
5961a04.3a64: Timestamp: 0x5aa81554
5971a04.3a64: Image Version: 0.0
5981a04.3a64: SizeOfImage: 0x58000 (360448)
5991a04.3a64: Resource Dir: 0x56000 LB 0x758
6001a04.3a64: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
6011a04.3a64: [Raw version resource data: 0x56110 LB 0x334, codepage 0x0 (reserved 0x0)]
6021a04.3a64: ProductName: SYSCORE
6031a04.3a64: ProductVersion: 15.8.0.412
6041a04.3a64: FileVersion: SYSCORE.15.8.0.412
6051a04.3a64: PrivateBuild: SYSCORE.15.8.0.412 F15,F16,F19
6061a04.3a64: FileDescription: Anti-Virus File System Filter Driver
6071a04.3a64: \SystemRoot\System32\drivers\mfefirek.sys:
6081a04.3a64: CreationTime: 2018-03-29T18:34:07.871489000Z
6091a04.3a64: LastWriteTime: 2018-09-24T11:09:10.538195300Z
6101a04.3a64: ChangeTime: 2018-09-24T11:09:10.538195300Z
6111a04.3a64: FileAttributes: 0x20
6121a04.3a64: Size: 0x817a0
6131a04.3a64: NT Headers: 0xf0
6141a04.3a64: Timestamp: 0x5aa815fd
6151a04.3a64: Machine: 0x8664 - amd64
6161a04.3a64: Timestamp: 0x5aa815fd
6171a04.3a64: Image Version: 0.0
6181a04.3a64: SizeOfImage: 0x84000 (540672)
6191a04.3a64: Resource Dir: 0x80000 LB 0x388
6201a04.3a64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6211a04.3a64: [Raw version resource data: 0x80060 LB 0x328, codepage 0x0 (reserved 0x0)]
6221a04.3a64: ProductName: SYSCORE
6231a04.3a64: ProductVersion: 15.8.0.412
6241a04.3a64: FileVersion: SYSCORE.15.8.0.412
6251a04.3a64: PrivateBuild: SYSCORE.15.8.0.412 F17,F18
6261a04.3a64: FileDescription: McAfee Core Firewall Engine Driver
6271a04.3a64: \SystemRoot\System32\drivers\mfehidk.sys:
6281a04.3a64: CreationTime: 2017-07-06T23:47:30.915735200Z
6291a04.3a64: LastWriteTime: 2018-09-24T11:09:10.303038900Z
6301a04.3a64: ChangeTime: 2018-09-24T11:09:10.303038900Z
6311a04.3a64: FileAttributes: 0x20
6321a04.3a64: Size: 0xe8ba0
6331a04.3a64: NT Headers: 0x100
6341a04.3a64: Timestamp: 0x5aa814e0
6351a04.3a64: Machine: 0x8664 - amd64
6361a04.3a64: Timestamp: 0x5aa814e0
6371a04.3a64: Image Version: 0.0
6381a04.3a64: SizeOfImage: 0xf3000 (995328)
6391a04.3a64: Resource Dir: 0xef000 LB 0x758
6401a04.3a64: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
6411a04.3a64: [Raw version resource data: 0xef110 LB 0x320, codepage 0x0 (reserved 0x0)]
6421a04.3a64: ProductName: SYSCORE
6431a04.3a64: ProductVersion: 15.8.0.412
6441a04.3a64: FileVersion: SYSCORE.15.8.0.412
6451a04.3a64: PrivateBuild: SYSCORE.15.8.0.412 F14,F15,F16,F18,F20
6461a04.3a64: FileDescription: McAfee Link Driver
6471a04.3a64: \SystemRoot\System32\drivers\mfewfpk.sys:
6481a04.3a64: CreationTime: 2017-07-06T23:49:46.728458100Z
6491a04.3a64: LastWriteTime: 2018-09-24T11:09:10.334622700Z
6501a04.3a64: ChangeTime: 2018-09-24T11:09:10.334622700Z
6511a04.3a64: FileAttributes: 0x20
6521a04.3a64: Size: 0x3dba0
6531a04.3a64: NT Headers: 0x100
6541a04.3a64: Timestamp: 0x5aa814fd
6551a04.3a64: Machine: 0x8664 - amd64
6561a04.3a64: Timestamp: 0x5aa814fd
6571a04.3a64: Image Version: 0.0
6581a04.3a64: SizeOfImage: 0x59000 (364544)
6591a04.3a64: Resource Dir: 0x57000 LB 0x380
6601a04.3a64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6611a04.3a64: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
6621a04.3a64: ProductName: SYSCORE
6631a04.3a64: ProductVersion: 15.8.0.412
6641a04.3a64: FileVersion: SYSCORE.15.8.0.412
6651a04.3a64: PrivateBuild: SYSCORE.15.8.0.412 F17,F18
6661a04.3a64: FileDescription: Anti-Virus Mini-Firewall Driver
6671a04.3a64: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
6681a04.3a64: Calling main()
6691a04.3a64: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
6701a04.3a64: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
6711a04.3a64: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
6721a04.3a64: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
6731a04.3a64: SUPR3HardenedMain: Final process, opening VBoxDrv...
6741a04.3a64: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000500000 LB 0x400000)
6751a04.3a64: supR3HardNtEnableThreadCreation:
6761a04.3a64: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
6771a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
6781a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6791a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6801a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb75180000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
6811a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6821a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6831a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6841a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb75180000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6851a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6861a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6871a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb75180000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6881a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb75180000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6891a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6901a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
6911a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
6921a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
6931a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
6941a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
6951a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6961a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6971a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
6981a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
6991a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
7001a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
7011a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msasn1.dll'.
7021a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
7031a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
7041a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
7051a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
7061a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
7071a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
7081a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7091a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7101a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
7111a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
7121a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
7131a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
7141a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
7151a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7161a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7cd50000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
7171a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7181a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb797e0000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
7191a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
7201a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb79ae0000 LB 0x000f5000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
7211a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
7221a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
7231a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb79910000 LB 0x001ce000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
7241a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7251a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7c630000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
7261a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7271a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7cf00000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
7281a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
7291a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
7301a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
7311a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7cab0000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
7321a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7331a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
7341a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
7351a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
7361a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
7371a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7a0a0000 LB 0x00058000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
7381a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7391a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
7401a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7411a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-synch-l1-2-0'
7421a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
7431a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7441a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-fibers-l1-1-1'
7451a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
7461a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7471a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-fibers-l1-1-1'
7481a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
7491a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7501a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-synch-l1-2-0'
7511a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
7521a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7531a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-localization-l1-2-1'
7541a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a0a0000 'C:\WINDOWS\system32\Wintrust.dll'
7551a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
7561a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
7571a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7581a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7591a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7601a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
7611a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
7621a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
7631a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7641a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7651a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7661a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7671a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7681a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7691a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7701a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7711a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb792b0000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
7721a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7731a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb792b0000 'C:\WINDOWS\system32\bcrypt.dll'
7741a04.3a64: bcrypt.dll loaded at 00007ffb792b0000, BCryptOpenAlgorithmProvider at 00007ffb792b25a0, preloading providers:
7751a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
7761a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
7771a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7781a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7a850000 LB 0x00072000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
7791a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
7801a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a850000 'C:\WINDOWS\system32\bcryptprimitives.dll'
7811a04.3a64: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000002968760)
7821a04.3a64: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000029714f0)
7831a04.3a64: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000029717c0)
7841a04.3a64: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000002971a90)
7851a04.3a64: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000002971d60)
7861a04.3a64: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000002972030)
7871a04.3a64: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000002972300)
7881a04.3a64: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000029729e0)
7891a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7901a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7911a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a0a0000 'C:\Windows\System32\WINTRUST.DLL'
7921a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7931a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7941a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a0a0000 'C:\Windows\System32\WINTRUST.DLL'
7951a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7961a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7971a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a0a0000 'C:\Windows\System32\WINTRUST.DLL'
7981a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7991a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8001a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a0a0000 'C:\Windows\System32\WINTRUST.DLL'
8011a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8021a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8031a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a0a0000 'C:\Windows\System32\WINTRUST.DLL'
8041a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8051a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8061a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a0a0000 'C:\Windows\System32\WINTRUST.DLL'
8071a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8081a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8091a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a0a0000 'C:\Windows\System32\WINTRUST.DLL'
8101a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
8111a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
8121a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb791a0000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
8131a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
8141a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
8151a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
8161a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
8171a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
8181a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
8191a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8201a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8211a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8221a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb78be0000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
8231a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8241a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
8251a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
8261a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
8271a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
8281a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb791c0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
8291a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
8301a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
8311a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
8321a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
8331a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
8341a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8351a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7cb60000 'C:\WINDOWS\System32\kernel32.dll'
8361a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8371a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a0a0000 'C:\Windows\System32\WINTRUST.DLL'
8381a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8391a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8401a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\CRYPT32.dll'
8411a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7cf60000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
8421a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
8431a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
8441a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8451a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8461a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
8471a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8481a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
8491a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
8501a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
8511a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb78160000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
8521a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
8531a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb79770000 LB 0x0001b000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
8541a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
8551a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
8561a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8571a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
8581a04.3a64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
8591a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
8601a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
8611a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
8621a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8631a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8641a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8651a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8661a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8671a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8681a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8691a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8701a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8711a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8721a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8731a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8741a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb62240000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
8751a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8761a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8771a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8781a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb62240000 'C:\WINDOWS\System32\cryptnet.dll'
8791a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8801a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8811a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb62240000 'C:\WINDOWS\System32\cryptnet.dll'
8821a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8831a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8841a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb62240000 'C:\WINDOWS\System32\cryptnet.dll'
8851a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8861a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8871a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb62240000 'C:\WINDOWS\System32\cryptnet.dll'
8881a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8891a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8901a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb62240000 'C:\WINDOWS\System32\cryptnet.dll'
8911a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8921a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
8931a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb62240000 'C:\WINDOWS\System32\cryptnet.dll'
8941a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8951a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb62240000 'C:\WINDOWS\System32\cryptnet.dll'
8961a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8971a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb62240000 'C:\WINDOWS\System32\cryptnet.dll'
8981a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8991a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb62240000 'C:\WINDOWS\System32\cryptnet.dll'
9001a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9011a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb62240000 'C:\WINDOWS\System32\cryptnet.dll'
9021a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9031a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb62240000 'C:\WINDOWS\System32\cryptnet.dll'
9041a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb62240000 'C:\WINDOWS\System32\cryptnet.dll'
9051a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9061a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb62240000 'C:\Windows\System32\cryptnet.dll'
9071a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9081a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9091a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
9101a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9111a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9121a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
9131a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
9141a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000029760b0
9151a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
9161a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=93F8754DDF56BF121D9A018F2441212FFB80AD85
9171a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9181a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9191a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c630000 'C:\WINDOWS\System32\rpcrt4.dll'
9201a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9211a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a0a0000 'C:\Windows\System32\WINTRUST.DLL'
9221a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9231a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a0a0000 'C:\Windows\System32\WINTRUST.DLL'
9241a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9251a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a0a0000 'C:\Windows\System32\WINTRUST.DLL'
9261a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9271a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a0a0000 'C:\Windows\System32\WINTRUST.DLL'
9281a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9291a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a0a0000 'C:\Windows\System32\WINTRUST.DLL'
9301a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9311a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a0a0000 'C:\Windows\System32\WINTRUST.DLL'
9321a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9331a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9341a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a0a0000 'C:\Windows\System32\WINTRUST.DLL'
9351a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9361a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9371a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
9381a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9391a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9401a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
9411a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1395_for_KB4483232~31bf3856ad364e35~amd64~~10.0.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
9421a04.3a64: g_pfnWinVerifyTrust=00007ffb7a0a6bc0
9431a04.3a64: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
9441a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9451a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9461a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
9471a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9481a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9491a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
9501a04.3a64: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
9511a04.3a64: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
9521a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9531a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9541a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
9551a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
9561a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9571a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
9581a04.3a64: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
9591a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000398 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
9601a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
9611a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
9621a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A0BC1B38B9F5EE15493A1BB6ABB29D2FFBB4119
9631a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9641a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9651a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
9661a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
9671a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
9681a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9691a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
9701a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9711a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
9721a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
9731a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
9741a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9751a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
9761a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
9771a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
9781a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9791a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
9801a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
9811a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
9821a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9831a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
9841a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
9851a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
9861a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9871a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
9881a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
9891a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
9901a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
9911a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
9921a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
9931a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
9941a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
9951a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9961a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
9971a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
9981a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
9991a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10001a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
10011a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
10021a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
10031a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
10041a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
10051a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
10061a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
10071a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
10081a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
10091a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
10101a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
10111a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
10121a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
10131a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
10141a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
10151a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
10161a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
10171a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
10181a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
10191a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
10201a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
10211a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
10221a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
10231a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
10241a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
10251a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
10261a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
10271a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
10281a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
10291a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
10301a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
10311a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\system32\crypt32.dll'
10321a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x27a4b8fcfcbc9800 C=NL, ST=Noord-Brabant, L=Eindhoven, O=Koninklijke Philips Electronics N.V., OU=C/IT, CN=Philips Root CA
10331a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x7ed338a37388d400 C=US, ST=California, L=Irvine, O=Blizzard Entertainment, OU=Battle.net, CN=Blizzard Battle.net Local Cert
10341a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xba02d0ab12c5ed00 CN=XBL Client IPsec Issuing CA
10351a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
10361a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
10371a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
10381a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
10391a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
10401a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
10411a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
10421a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
10431a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x9546d06a8d70b800 CN=XBL Server IPsec Issuing CA
10441a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
10451a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
10461a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x463c681df4fc60f O=Crossmatch, CN=Altus Local client Certificate Authority
10471a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
10481a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
10491a04.3a64: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=NL, ST=Noord-Brabant, L=Eindhoven, O=Koninklijke Philips Electronics N.V., OU=C/IT, CN=EMI Class 2 CA
10501a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
10511a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
10521a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
10531a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
10541a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
10551a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
10561a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
10571a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
10581a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
10591a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
10601a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
10611a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
10621a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
10631a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
10641a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
10651a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
10661a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
10671a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
10681a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xd41691e475fb8515 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
10691a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
10701a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
10711a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
10721a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x802b3770cb00af00 C=EU, L=Madrid (see current address at www.camerfirma.com/address), SRN=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
10731a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
10741a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
10751a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
10761a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
10771a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
10781a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
10791a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x3eaa756fe759c500 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2
10801a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
10811a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
10821a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
10831a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
10841a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
10851a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
10861a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
10871a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
10881a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
10891a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
10901a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
10911a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
10921a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
10931a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
10941a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
10951a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x504c9e8a594d7cbb Email=al_certificate@natlab.research.philips.com, C=NL, ST=Brabant, L=Eindhoven, O=Philips International BV, OU=Philips Research International, CN=Certcerver.natlab.research.philips.com
10961a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x27a4b8fcfcbc9800 C=NL, ST=Noord-Brabant, L=Eindhoven, O=Koninklijke Philips Electronics N.V., OU=C/IT, CN=Philips Root CA
10971a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0x823a20e5434ba900 C=NL, ST=Noord-Brabant, L=Eindhoven, O=Koninklijke Philips Electronics N.V., OU=C/IT, CN=Philips Root CA
10981a04.3a64: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=NL, ST=Noord-Brabant, L=Eindhoven, O=Koninklijke Philips Electronics N.V., OU=C/IT, CN=EMI Class 2 Policy CA
10991a04.3a64: supR3HardenedWinIsDesiredRootCA: Adding 0xb7983c9b6108a900 C=NL, ST=Noord-Brabant, L=Eindhoven, O=Koninklijke Philips Electronics N.V., OU=C/IT, CN=Philips Root CA
11001a04.3a64: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=66
11011a04.3a64: SUPR3HardenedMain: Load Runtime...
11021a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
11031a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
11041a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
11051a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
11061a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
11071a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
11081a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11091a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
11101a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
11111a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
11121a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
11131a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
11141a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
11151a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
11161a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11171a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11181a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
11191a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11201a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11211a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11221a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11231a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
11241a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
11251a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
11261a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
11271a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
11281a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11291a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11301a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11311a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11321a04.3a64: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11331a04.3a64: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
11341a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
11351a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
11361a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
11371a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
11381a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11391a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
11401a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
11411a04.3a64: supR3HardenedDllNotificationCallback: load 0000000050ce0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
11421a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
11431a04.3a64: supR3HardenedDllNotificationCallback: load 0000000050c40000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
11441a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
11451a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7cce0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
11461a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
11471a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb27bd0000 LB 0x0052d000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
11481a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11491a04.3a64: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11501a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
11511a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11521a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11531a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11541a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11551a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11561a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11571a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11581a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11591a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11601a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11611a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11621a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11631a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11641a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11651a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11661a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11671a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11681a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11691a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11701a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11711a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11721a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11731a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11741a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11751a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11761a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11771a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11781a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11791a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11801a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11811a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11821a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11831a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11841a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11851a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11861a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11871a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11881a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11891a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11901a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11911a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11921a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11931a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11941a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
11951a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11961a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11971a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11981a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
11991a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb27bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12001a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a0a0000 'C:\WINDOWS\system32\Wintrust.dll'
12011a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
12021a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
12031a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
12041a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12051a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
12061a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
12071a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\system32\crypt32.dll'
12081a04.3a64: SUPR3HardenedMain: Load TrustedMain...
12091a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
12101a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
12111a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxglobal.dll'.
12121a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
12131a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
12141a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
12151a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
12161a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
12171a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
12181a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
12191a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
12201a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
12211a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
12221a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
12231a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
12241a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
12251a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
12261a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
12271a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
12281a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
12291a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
12301a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
12311a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
12321a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
12331a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
12341a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
12351a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12361a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12371a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
12381a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
12391a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
12401a04.3a64: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
12411a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12421a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
12431a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
12441a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12451a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12461a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
12471a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
12481a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
12491a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12501a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
12511a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
12521a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
12531a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
12541a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
12551a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
12561a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12571a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12581a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12591a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12601a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
12611a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
12621a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
12631a04.3a64: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
12641a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
12651a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
12661a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
12671a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
12681a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
12691a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
12701a04.3a64: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
12711a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
12721a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
12731a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
12741a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
12751a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
12761a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12771a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12781a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
12791a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
12801a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
12811a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'gdi32.dll'.
12821a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'user32.dll'.
12831a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'combase.dll'.
12841a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
12851a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
12861a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12871a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12881a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
12891a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
12901a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
12911a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12921a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12931a04.3a64: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
12941a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
12951a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
12961a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
12971a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
12981a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12991a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13001a04.3a64: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
13011a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
13021a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
13031a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13041a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13051a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13061a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13071a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13081a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
13091a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
13101a04.3a64: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
13111a04.3a64: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
13121a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
13131a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
13141a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
13151a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
13161a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
13171a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
13181a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll) WinVerifyTrust
13191a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
13201a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
13211a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13221a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13231a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13241a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
13251a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
13261a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
13271a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
13281a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
13291a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
13301a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
13311a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
13321a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
13331a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
13341a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13351a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13361a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13371a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13381a04.3a64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
13391a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13401a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13411a04.3a64: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
13421a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13431a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
13441a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
13451a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
13461a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
13471a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
13481a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
13491a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
13501a04.3a64: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
13511a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
13521a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13531a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13541a04.3a64: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
13551a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
13561a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
13571a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
13581a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
13591a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
13601a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
13611a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
13621a04.3a64: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
13631a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
13641a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13651a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13661a04.3a64: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
13671a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
13681a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13691a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
13701a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
13711a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
13721a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
13731a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
13741a04.3a64: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
13751a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
13761a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13771a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13781a04.3a64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
13791a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13801a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13811a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
13821a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13831a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13841a04.3a64: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
13851a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13861a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'.
13871a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'.
13881a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
13891a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
13901a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13911a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13921a04.3a64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
13931a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13941a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13951a04.3a64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
13961a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13971a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13981a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
13991a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14001a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14011a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14021a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14031a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14041a04.3a64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
14051a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14061a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14071a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
14081a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14091a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14101a04.3a64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
14111a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14121a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14131a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
14141a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14151a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14161a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14171a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14181a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14191a04.3a64: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
14201a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14211a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
14221a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14231a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
14241a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
14251a04.3a64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
14261a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
14271a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14281a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14291a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
14301a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14311a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14321a04.3a64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
14331a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14341a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14351a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
14361a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
14371a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
14381a04.3a64: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
14391a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll)
14401a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll
14411a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
14421a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
14431a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
14441a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14451a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14461a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
14471a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14481a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14491a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
14501a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14511a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14521a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
14531a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14541a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14551a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
14561a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
14571a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
14581a04.3a64: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
14591a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14601a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
14611a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
14621a04.3a64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
14631a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
14641a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14651a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14661a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14671a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14681a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14691a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
14701a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14711a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14721a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
14731a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14741a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14751a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
14761a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14771a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14781a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14791a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14801a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14811a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
14821a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14831a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14841a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
14851a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14861a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14871a04.3a64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
14881a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14891a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14901a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
14911a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14921a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14931a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
14941a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14951a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14961a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
14971a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
14981a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
14991a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
15001a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
15011a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
15021a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15031a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15041a04.3a64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
15051a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15061a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15071a04.3a64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
15081a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15091a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15101a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
15111a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15121a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15131a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
15141a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15151a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15161a04.3a64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
15171a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15181a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15191a04.3a64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
15201a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15211a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15221a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
15231a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15241a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15251a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15261a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
15271a04.3a64: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
15281a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15291a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15301a04.3a64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
15311a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
15321a04.3a64: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
15331a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15341a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15351a04.3a64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
15361a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
15371a04.3a64: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
15381a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15391a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15401a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
15411a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
15421a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
15431a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxglobal.dll'...
15441a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxglobal.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxglobal.dll' [rcNtRedir=0xc0150008]
15451a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
15461a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
15471a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
15481a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
15491a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
15501a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
15511a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
15521a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
15531a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
15541a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
15551a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGlobal.dll) WinVerifyTrust
15561a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
15571a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15581a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15591a04.3a64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
15601a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000488 pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
15611a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
15621a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
15631a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F39C902102F30859FF82648A950427FCB81FB124
15641a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
15651a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
15661a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
15671a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15681a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15691a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
15701a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15711a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15721a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
15731a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15741a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15751a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
15761a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
15771a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
15781a04.3a64: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
15791a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15801a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15811a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
15821a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15831a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15841a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15851a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15861a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15871a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
15881a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
15891a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
15901a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
15911a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00111~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
15921a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15931a04.3a64: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
15941a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
15951a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
15961a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
15971a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
15981a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15991a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16001a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
16011a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
16021a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
16031a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
16041a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
16051a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
16061a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb79850000 LB 0x00020000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
16071a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
16081a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb79870000 LB 0x0009b000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
16091a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
16101a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb79e50000 LB 0x00193000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
16111a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
16121a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
16131a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
16141a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
16151a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
16161a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
16171a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7a8d0000 LB 0x00028000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
16181a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
16191a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7c920000 LB 0x0018f000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
16201a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [avoiding WinVerifyTrust]
16211a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb4b120000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
16221a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
16231a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb43310000 LB 0x0011e000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
16241a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
16251a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb79800000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
16261a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
16271a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
16281a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7a930000 LB 0x00306000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
16291a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
16301a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7c2b0000 LB 0x000a6000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
16311a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16321a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
16331a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
16341a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
16351a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
16361a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7c5d0000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
16371a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
16381a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'.
16391a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'.
16401a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
16411a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
16421a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb79750000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
16431a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
16441a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
16451a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
16461a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
16471a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb79790000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
16481a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
16491a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
16501a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
16511a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7a100000 LB 0x00747000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
16521a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16531a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
16541a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'combase.dll'.
16551a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'profapi.dll'.
16561a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
16571a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
16581a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7ae70000 LB 0x01438000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
16591a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
16601a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7c370000 LB 0x00149000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
16611a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
16621a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb64710000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
16631a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
16641a04.3a64: supR3HardenedDllNotificationCallback: load 00000000506d0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
16651a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16661a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb23bd0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
16671a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16681a04.3a64: supR3HardenedDllNotificationCallback: load 0000000050160000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
16691a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
16701a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7cc10000 LB 0x000c5000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
16711a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
16721a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb241d0000 LB 0x005b3000 C:\Program Files\Oracle\VirtualBox\VBoxGlobal.dll [fFlags=0x0]
16731a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
16741a04.3a64: supR3HardenedDllNotificationCallback: load 0000000050100000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
16751a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
16761a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb74c50000 LB 0x0002a000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
16771a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
16781a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb74c80000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
16791a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
16801a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb34800000 LB 0x01f3c000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
16811a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
16821a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
16831a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
16841a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
16851a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
16861a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
16871a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
16881a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
16891a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
16901a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
16911a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
16921a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
16931a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
16941a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
16951a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
16961a04.3a64: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
16971a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
16981a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
16991a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
17001a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
17011a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
17021a04.3a64: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17031a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
17041a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
17051a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
17061a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
17071a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
17081a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
17091a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
17101a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
17111a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
17121a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
17131a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
17141a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
17151a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
17161a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
17171a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
17181a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
17191a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
17201a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
17211a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
17221a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
17231a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
17241a04.3a64: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
17251a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17261a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17271a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17281a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17291a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17301a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17311a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17321a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17331a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17341a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17351a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17361a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17371a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
17381a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
17391a04.3a64: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
17401a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17411a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17421a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
17431a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
17441a04.3a64: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
17451a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17461a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17471a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
17481a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
17491a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
17501a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
17511a04.3a64: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
17521a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17531a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17541a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17551a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17561a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
17571a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
17581a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
17591a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
17601a04.3a64: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
17611a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17621a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17631a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
17641a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
17651a04.3a64: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
17661a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17671a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17681a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
17691a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
17701a04.3a64: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
17711a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
17721a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
17731a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
17741a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
17751a04.3a64: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
17761a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17771a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7cb60000 'C:\WINDOWS\System32\kernel32.dll'
17781a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
17791a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17801a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-string-l1-1-0'
17811a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
17821a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17831a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-datetime-l1-1-1'
17841a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
17851a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
17861a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-localization-obsolete-l1-2-0'
17871a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
17881a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
17891a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
17901a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
17911a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
17921a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
17931a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
17941a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
17951a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
17961a04.3a64: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
17971a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17981a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17991a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
18001a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
18011a04.3a64: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
18021a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18031a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7a900000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
18041a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
18051a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a900000 'C:\WINDOWS\system32\IMM32.DLL'
18061a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
18071a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
18081a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
18091a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18101a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7cab0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
18111a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb34800000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
18121a04.3a64: SUPR3HardenedMain: Calling TrustedMain (00007ffb348016c0)...
18131a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
18141a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
18151a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
18161a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
18171a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
18181a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
18191a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
18201a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
18211a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
18221a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
18231a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
18241a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
18251a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
18261a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
18271a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18281a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18291a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
18301a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
18311a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
18321a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
18331a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
18341a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
18351a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18361a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18371a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
18381a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
18391a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
18401a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [redoing WinVerifyTrust]
18411a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
18421a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
18431a04.3a64: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll'
18441a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18451a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18461a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
18471a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
18481a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
18491a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
18501a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
18511a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
18521a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
18531a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
18541a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
18551a04.3a64: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
18561a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18571a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18581a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
18591a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
18601a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
18611a04.3a64: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
18621a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18631a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18641a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
18651a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18661a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18671a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
18681a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
18691a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
18701a04.3a64: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
18711a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18721a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
18731a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb31040000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
18741a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
18751a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31040000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
18761a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000614 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
18771a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
18781a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
18791a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=86C241B10A6558ACD09DD7A5B8E6E2277C8E4613
18801a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
18811a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
18821a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1340_for_KB4483232~31bf3856ad364e35~amd64~~10.0.1.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
18831a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18841a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18851a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
18861a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
18871a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
18881a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
18891a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18901a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18911a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18921a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18931a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18941a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18951a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18961a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
18971a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb77910000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
18981a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
18991a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb77910000 'C:\WINDOWS\system32\uxtheme.dll'
19001a04.3a64: \Device\HarddiskVolume4\Program Files (x86)\Stardock\Fences\FencesMenu64.dll: Owner is administrators group.
19011a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
19021a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'userenv.dll'.
19031a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wtsapi32.dll'.
19041a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
19051a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
19061a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
19071a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
19081a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
19091a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
19101a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shlwapi.dll'.
19111a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdiplus.dll'.
19121a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files (x86)\Stardock\Fences\FencesMenu64.dll) WinVerifyTrust
19131a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
19141a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdiplus.dll'...
19151a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdiplus.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdiplus.dll' [rcNtRedir=0x0]
19161a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000640 pwszName=\Device\HarddiskVolume4\Windows\System32\GdiPlus.dll
19171a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
19181a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
19191a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A8D31259EDB7F10C6E853EED18D23ADEF531D57B
19201a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
19211a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
19221a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1426_for_KB4483232~31bf3856ad364e35~amd64~~10.0.1.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\GdiPlus.dll'
19231a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19241a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19251a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
19261a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'gdi32.dll'.
19271a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\GdiPlus.dll) WinVerifyTrust
19281a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\GdiPlus.dll
19291a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
19301a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
19311a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
19321a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19331a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19341a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19351a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19361a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19371a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19381a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
19391a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
19401a04.3a64: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
19411a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19421a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19431a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
19441a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19451a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19461a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
19471a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19481a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19491a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
19501a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19511a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19521a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
19531a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19541a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19551a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19561a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19571a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
19581a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
19591a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
19601a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
19611a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
19621a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19631a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wtsapi32.dll) WinVerifyTrust
19641a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wtsapi32.dll
19651a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
19661a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume4\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
19671a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19681a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19691a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
19701a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
19711a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
19721a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
19731a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'profapi.dll'.
19741a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
19751a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
19761a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
19771a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
19781a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
19791a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19801a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19811a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19821a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
19831a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
19841a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wtsapi32.dll
19851a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19861a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
19871a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'gdi32.dll'.
19881a04.3a64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.847_none_46b8d003edf2a538\GdiPlus.dll)
19891a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.847_none_46b8d003edf2a538\GdiPlus.dll
19901a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb79680000 LB 0x00029000 C:\WINDOWS\SYSTEM32\USERENV.dll [fFlags=0x0]
19911a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
19921a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb74ab0000 LB 0x00013000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
19931a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wtsapi32.dll
19941a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb67960000 LB 0x0019c000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.847_none_46b8d003edf2a538\gdiplus.dll [fFlags=0x0]
19951a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.847_none_46b8d003edf2a538\GdiPlus.dll [avoiding WinVerifyTrust]
19961a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb30b70000 LB 0x00153000 C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [fFlags=0x0]
19971a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
19981a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb30b70000 'C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll'
19991a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000668 pwszName=\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.847_none_46b8d003edf2a538\GdiPlus.dll
20001a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
20011a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
20021a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F7DCB5A4F3BFE21E38089AE891CFC9686497EB58
20031a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20041a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20051a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20061a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20071a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20081a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20091a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
20101a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
20111a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1426_for_KB4483232~31bf3856ad364e35~amd64~~10.0.1.1.cat'; file='\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.847_none_46b8d003edf2a538\GdiPlus.dll'
20121a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20131a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.847_none_46b8d003edf2a538\GdiPlus.dll'
20141a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
20151a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
20161a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20171a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
20181a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
20191a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\ink\tiptsf.dll) WinVerifyTrust
20201a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
20211a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20221a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20231a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20241a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20251a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
20261a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20271a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20281a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20291a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
20301a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb610c0000 LB 0x000a9000 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll [fFlags=0x0]
20311a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
20321a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb610c0000 'C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll'
20331a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
20341a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
20351a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
20361a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
20371a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'version.dll'.
20381a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'userenv.dll'.
20391a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\HP\HP ProtectTools Security Manager\Bin\DpOFeedb.dll) WinVerifyTrust
20401a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\HP\HP ProtectTools Security Manager\Bin\DpOFeedb.dll
20411a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
20421a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume4\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
20431a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
20441a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
20451a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume4\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
20461a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
20471a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
20481a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20491a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\version.dll) WinVerifyTrust
20501a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\version.dll
20511a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
20521a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
20531a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
20541a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20551a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20561a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
20571a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20581a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20591a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20601a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20611a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\HP\HP ProtectTools Security Manager\Bin\DpoFeedb.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20621a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\HP\HP ProtectTools Security Manager\Bin\DpOFeedb.dll
20631a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll
20641a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb78890000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0]
20651a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll
20661a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb40a60000 LB 0x000d9000 C:\Program Files\HP\HP ProtectTools Security Manager\Bin\DpoFeedb.dll [fFlags=0x0]
20671a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\HP\HP ProtectTools Security Manager\Bin\DpOFeedb.dll
20681a04.3a64: '\Device\HarddiskVolume4\Windows\System32\tzres.dll' has no imports
20691a04.3a64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\tzres.dll)
20701a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\tzres.dll
20711a04.3a64: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000674 (hFile=0000000000000658) with 0xc0000022 -> STATUS_TRUST_FAILURE
20721a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
20731a04.3a64: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000658 (hFile=0000000000000674) with 0xc0000022 -> STATUS_TRUST_FAILURE
20741a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb40a60000 'C:\Program Files\HP\HP ProtectTools Security Manager\Bin\DpoFeedb.dll'
20751a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000067c pwszName=\Device\HarddiskVolume4\Windows\System32\tzres.dll
20761a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
20771a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
20781a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AA8963C9F5E5DC6B00EAAD3C097F646B1260B1D
20791a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
20801a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
20811a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_819_for_KB4483232~31bf3856ad364e35~amd64~~10.0.1.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\tzres.dll'
20821a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20831a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\tzres.dll'
20841a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c920000 'C:\WINDOWS\system32\user32.dll'
20851a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
20861a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20871a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7ae70000 'C:\WINDOWS\system32\shell32.dll'
20881a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
20891a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
20901a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
20911a04.3a64: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
20921a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20931a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c2b0000 'C:\WINDOWS\system32\SHCore.dll'
20941a04.3a64: \Device\HarddiskVolume4\Windows\System32\Wintab32.dll: Owner is administrators group.
20951a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
20961a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'hid.dll'.
20971a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wtsapi32.dll'.
20981a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'setupapi.dll'.
20991a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'mpr.dll'.
21001a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
21011a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
21021a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shell32.dll'.
21031a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
21041a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
21051a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\Wintab32.dll) WinVerifyTrust
21061a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\Wintab32.dll
21071a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21081a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21091a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
21101a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21111a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21121a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
21131a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
21141a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
21151a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
21161a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21171a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21181a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
21191a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21201a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21211a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
21221a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
21231a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [redoing WinVerifyTrust]
21241a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
21251a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
21261a04.3a64: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll'
21271a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
21281a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
21291a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
21301a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21311a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
21321a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
21331a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21341a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
21351a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'.
21361a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
21371a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
21381a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
21391a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
21401a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wtsapi32.dll
21411a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hid.dll'...
21421a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'hid.dll' -> '\Device\HarddiskVolume4\Windows\System32\hid.dll' [rcNtRedir=0xc0150008]
21431a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000690 pwszName=\Device\HarddiskVolume4\Windows\System32\hid.dll
21441a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
21451a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
21461a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A5EAAAFB3EAC6B91EAFA35A053C6F0186105233B
21471a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
21481a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
21491a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
21501a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21511a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21521a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21531a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21541a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
21551a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
21561a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0018~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\hid.dll'
21571a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21581a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21591a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\hid.dll) WinVerifyTrust
21601a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\hid.dll
21611a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21621a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21631a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21641a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\Wintab32.dll
21651a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\hid.dll
21661a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb78150000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\HID.DLL [fFlags=0x0]
21671a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\hid.dll
21681a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7cf80000 LB 0x0044e000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
21691a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
21701a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb23810000 LB 0x0026d000 C:\WINDOWS\system32\wintab32.dll [fFlags=0x0]
21711a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\Wintab32.dll
21721a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
21731a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
21741a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-synch-l1-2-0'
21751a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
21761a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
21771a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-fibers-l1-1-1'
21781a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
21791a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
21801a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-synch-l1-2-0'
21811a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
21821a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
21831a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-fibers-l1-1-1'
21841a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
21851a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
21861a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-localization-l1-2-1'
21871a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
21881a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
21891a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7cb60000 'C:\WINDOWS\System32\kernel32.dll'
21901a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
21911a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
21921a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-string-l1-1-0'
21931a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
21941a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
21951a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-datetime-l1-1-1'
21961a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
21971a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
21981a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-localization-obsolete-l1-2-0'
21991a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23810000 'C:\WINDOWS\system32\wintab32.dll'
22001a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22011a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
22021a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
22031a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
22041a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)
22051a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
22061a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb77c20000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
22071a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
22081a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22091a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22101a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
22111a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22121a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22131a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
22141a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
22151a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
22161a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22171a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22181a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
22191a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
22201a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
22211a04.3a64: Error (rc=0):
22221a04.3a64: supR3HardenedMonitor_LdrLoadDll: relative name not permitted: .\Wacom_Tablet.dll
22231a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000033
22241a04.3a64: Error (rc=0):
22251a04.3a64: supR3HardenedMonitor_LdrLoadDll: relative name not permitted: .\Pen_Tablet.dll
22261a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000033
22271a04.3a64: Error (rc=0):
22281a04.3a64: supR3HardenedMonitor_LdrLoadDll: relative name not permitted: .\ISD_Tablet.dll
22291a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000033
22301a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
22311a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22321a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74c80000 'C:\WINDOWS\system32\winmm.dll'
22331a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
22341a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22351a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74c80000 'C:\WINDOWS\system32\winmm.dll'
22361a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
22371a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22381a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7ae70000 'C:\WINDOWS\system32\shell32.dll'
22391a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
22401a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22411a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb77910000 'C:\WINDOWS\system32\uxtheme.dll'
22421a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7cab0000 'C:\WINDOWS\system32\advapi32.dll'
22431a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
22441a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22451a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79680000 'C:\WINDOWS\system32\userenv.dll'
22461a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
22471a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22481a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7cb60000 'C:\WINDOWS\System32\kernel32.dll'
22491a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7c530000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
22501a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22511a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
22521a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
22531a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
22541a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22551a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22561a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22571a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22581a04.3a2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
22591a04.3a2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
22601a04.3a2c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
22611a04.3a2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
22621a04.3a2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22631a04.3a2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22641a04.3a2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22651a04.3a2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
22661a04.3a2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
22671a04.3a2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
22681a04.3a2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
22691a04.3a2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
22701a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22711a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22721a04.3a2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
22731a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22741a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22751a04.3a2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
22761a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22771a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22781a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22791a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22801a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22811a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22821a04.3a2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
22831a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22841a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22851a04.3a2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22861a04.3a2c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
22871a04.3a2c: supR3HardenedDllNotificationCallback: load 00007ffb23050000 LB 0x003a1000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
22881a04.3a2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
22891a04.3a2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23050000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
22901a04.3a2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
22911a04.3a2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22921a04.3a2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
22931a04.3a2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
22941a04.3a2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
22951a04.3a2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
22961a04.3a2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
22971a04.3a2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
22981a04.3a2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
22991a04.3a2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
23001a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23011a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23021a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23031a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23041a04.3a2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
23051a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23061a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23071a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
23081a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
23091a04.3a2c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
23101a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23111a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23121a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23131a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23141a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23151a04.3a2c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23161a04.3a2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
23171a04.3a2c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
23181a04.3a2c: supR3HardenedDllNotificationCallback: load 00007ffb23400000 LB 0x000d4000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
23191a04.3a2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
23201a04.3a2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23400000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
23211a04.3a2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
23221a04.3a2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
23231a04.3a2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7cc10000 'C:\Windows\System32\oleaut32.dll'
23241a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a8d0000 'C:\WINDOWS\system32\gdi32.dll'
23251a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb7c7b0000 LB 0x00167000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
23261a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23271a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
23281a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
23291a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
23301a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
23311a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
23321a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
23331a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
23341a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
23351a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
23361a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23371a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23381a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23391a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23401a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23411a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23421a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23431a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23441a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
23451a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
23461a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
23471a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7ae70000 'C:\WINDOWS\system32\shell32.dll'
23481a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a48 pwszName=\Device\HarddiskVolume4\Windows\System32\DataExchange.dll
23491a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
23501a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
23511a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87FA668FC207CB724FFDD342C6B5B8D273E3498D
23521a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
23531a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
23541a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\DataExchange.dll'
23551a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23561a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23571a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
23581a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'combase.dll'.
23591a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'd3d11.dll'.
23601a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'dcomp.dll'.
23611a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) WinVerifyTrust
23621a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
23631a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
23641a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
23651a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
23661a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
23671a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
23681a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
23691a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) WinVerifyTrust
23701a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll
23711a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
23721a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
23731a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23741a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23751a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
23761a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
23771a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
23781a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
23791a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
23801a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23811a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
23821a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'win32u.dll'.
23831a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll) WinVerifyTrust
23841a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll
23851a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
23861a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
23871a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
23881a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
23891a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
23901a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
23911a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
23921a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
23931a04.3a64: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'.
23941a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23951a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
23961a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll)
23971a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll
23981a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23991a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24001a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
24011a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
24021a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
24031a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24041a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24051a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
24061a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
24071a04.3a64: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
24081a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
24091a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
24101a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
24111a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24121a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24131a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
24141a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
24151a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
24161a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
24171a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
24181a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb782c0000 LB 0x000af000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
24191a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
24201a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb757e0000 LB 0x002e2000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
24211a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
24221a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb76620000 LB 0x00142000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
24231a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
24241a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb44050000 LB 0x0004f000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
24251a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
24261a04.3a64: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'.
24271a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rescheduled]
24281a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a8d0000 'C:\WINDOWS\System32\gdi32.dll'
24291a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb44050000 'C:\WINDOWS\system32\dataexchange.dll'
24301a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24311a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rmclient.dll'.
24321a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
24331a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcrypt.dll'.
24341a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
24351a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll)
24361a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll
24371a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24381a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
24391a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rmclient.dll)
24401a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rmclient.dll
24411a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb77d10000 LB 0x00020000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0]
24421a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
24431a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb77d60000 LB 0x0017b000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
24441a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
24451a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24461a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24471a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24481a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24491a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
24501a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
24511a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
24521a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
24531a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
24541a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
24551a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24561a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24571a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
24581a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume4\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
24591a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
24601a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24611a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24621a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
24631a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
24641a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rmclient.dll'
24651a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
24661a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
24671a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll'
24681a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
24691a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24701a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c2b0000 'C:\WINDOWS\system32\Shcore.dll'
24711a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
24721a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
24731a04.3a64: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
24741a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll) WinVerifyTrust
24751a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
24761a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
24771a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7d400000 'C:\WINDOWS\System32\ntdll.dll'
24781a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24791a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'coreuicomponents.dll'.
24801a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'coremessaging.dll'.
24811a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll)
24821a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
24831a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24841a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
24851a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
24861a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll)
24871a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll
24881a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24891a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
24901a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll)
24911a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll
24921a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntmarta.dll)
24931a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntmarta.dll
24941a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
24951a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
24961a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcryptprimitives.dll'.
24971a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll)
24981a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll
24991a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb78450000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
25001a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
25011a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb762a0000 LB 0x000dc000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
25021a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
25031a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb74fc0000 LB 0x00136000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
25041a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
25051a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb736e0000 LB 0x002ee000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
25061a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
25071a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb60cb0000 LB 0x00098000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
25081a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
25091a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
25101a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
25111a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
25121a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25131a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25141a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
25151a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
25161a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
25171a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25181a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25191a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25201a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25211a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
25221a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
25231a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
25241a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
25251a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
25261a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
25271a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25281a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25291a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
25301a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
25311a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
25321a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
25331a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
25341a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume4\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
25351a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
25361a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25371a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25381a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
25391a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
25401a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WinTypes.dll'
25411a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
25421a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
25431a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25441a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
25451a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntmarta.dll'
25461a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
25471a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
25481a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll'
25491a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
25501a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
25511a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll'
25521a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
25531a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
25541a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll'
25551a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7cc10000 'C:\WINDOWS\System32\OLEAUT32.DLL'
25561a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
25571a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25581a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c920000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
25591a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
25601a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25611a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c920000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
25621a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
25631a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25641a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a930000 'api-ms-win-core-com-l1-1-0.dll'
25651a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll
25661a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
25671a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c7b0000 'C:\WINDOWS\System32\MSCTF.dll'
25681a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c370000 'C:\WINDOWS\System32\ole32.dll'
25691a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7cc10000 'C:\WINDOWS\System32\OLEAUT32.dll'
25701a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b38 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
25711a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
25721a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
25731a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AE2733DC030E44DCE443886E467FF179D2D68A91
25741a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
25751a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
25761a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1332_for_KB4457142~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
25771a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25781a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25791a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
25801a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
25811a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
25821a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
25831a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
25841a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
25851a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b44 pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
25861a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
25871a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
25881a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA3F9D85214DB0270185C719B931C69440BA9C18
25891a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
25901a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
25911a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
25921a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25931a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25941a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
25951a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
25961a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
25971a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
25981a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25991a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
26001a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
26011a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26021a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26031a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
26041a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
26051a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
26061a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
26071a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
26081a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
26091a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26101a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26111a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
26121a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
26131a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
26141a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb719e0000 LB 0x00081000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
26151a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
26161a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb70950000 LB 0x0000f000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
26171a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
26181a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
26191a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
26201a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
26211a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb70950000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
26221a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bac pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
26231a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
26241a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
26251a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E3E3EC800057E0E9FAFD03419437E41507961923
26261a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
26271a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
26281a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1332_for_KB4457142~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
26291a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26301a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26311a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
26321a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
26331a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
26341a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26351a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26361a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26371a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26381a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
26391a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
26401a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb710f0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
26411a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
26421a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb710f0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
26431a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
26441a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
26451a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-localization-l1-2-0.dll'
26461a04.3a64: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
26471a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
26481a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
26491a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bc4 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
26501a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
26511a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
26521a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=336CDD3C969CEFC6CE8D502298ED123FE8D2F483
26531a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
26541a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
26551a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
26561a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26571a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26581a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'.
26591a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
26601a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
26611a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
26621a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
26631a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
26641a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26651a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26661a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
26671a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
26681a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb6e3a0000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
26691a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
26701a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb6e3a0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
26711a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c04 pwszName=\Device\HarddiskVolume4\Windows\System32\UIAutomationCore.dll
26721a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
26731a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
26741a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CDD7D7DFFD85D707F8E902ECFE6D843DC255EC17
26751a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
26761a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
26771a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1188_for_KB4483232~31bf3856ad364e35~amd64~~10.0.1.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\UIAutomationCore.dll'
26781a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26791a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
26801a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
26811a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'oleaut32.dll'.
26821a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
26831a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
26841a04.37dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
26851a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26861a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26871a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26881a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\UIAutomationCore.dll) WinVerifyTrust
26891a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\UIAutomationCore.dll
26901a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\uiautomationcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
26911a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26921a04.37dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
26931a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\UIAutomationCore.dll
26941a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb5e9b0000 LB 0x00206000 C:\Windows\System32\uiautomationcore.dll [fFlags=0x0]
26951a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\UIAutomationCore.dll
26961a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb5e9b0000 'C:\Windows\System32\uiautomationcore.dll'
26971a04.3a2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\UIAutomationCore.dll
26981a04.3a2c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\UIAutomationCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
26991a04.3a2c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb5e9b0000 'C:\Windows\System32\UIAutomationCore.dll'
27001a04.3a2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sxs.dll)
27011a04.3a2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sxs.dll
27021a04.3a2c: supR3HardenedDllNotificationCallback: load 00007ffb795b0000 LB 0x0009a000 C:\WINDOWS\SYSTEM32\sxs.dll [fFlags=0x0]
27031a04.3a2c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
27041a04.37dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27051a04.37dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
27061a04.37dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27071a04.37dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
27081a04.37dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27091a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27101a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27111a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
27121a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
27131a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
27141a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'user32.dll'.
27151a04.3a64: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\oleacc.dll)
27161a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleacc.dll
27171a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb67b00000 LB 0x0006e000 C:\Windows\System32\OLEACC.dll [fFlags=0x0]
27181a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\oleacc.dll [avoiding WinVerifyTrust]
27191a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c74 pwszName=\Device\HarddiskVolume4\Windows\System32\oleacc.dll
27201a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
27211a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
27221a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27231a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27241a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27251a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27261a04.37dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
27271a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C8CF53A3BA70195EC9BEB4C4D0559D96D0D1C38
27281a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
27291a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
27301a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00111~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\oleacc.dll'
27311a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27321a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\oleacc.dll'
27331a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
27341a04.37dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
27351a04.37dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
27361a04.37dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
27371a04.37dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
27381a04.37dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
27391a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27401a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27411a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27421a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27431a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
27441a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
27451a04.37dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27461a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27471a04.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27481a04.37dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27491a04.37dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27501a04.37dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
27511a04.37dc: supR3HardenedDllNotificationCallback: load 0000000077ef0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
27521a04.37dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
27531a04.37dc: supR3HardenedDllNotificationCallback: load 00007ffb32470000 LB 0x00330000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
27541a04.37dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27551a04.37dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb32470000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
27561a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
27571a04.3a64: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sxs.dll'
27581a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7cc10000 'C:\WINDOWS\System32\OLEAUT32.DLL'
27591a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleacc.dll
27601a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27611a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb67b00000 'C:\WINDOWS\system32\oleacc.dll'
27621a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleacc.dll
27631a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27641a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb67b00000 'C:\Windows\System32\oleacc.dll'
27651a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
27661a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c370000 'C:\WINDOWS\system32\ole32.dll'
27671a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
27681a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27691a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb610c0000 'C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll'
27701a04.3a5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
27711a04.3a5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27721a04.3a5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
27731a04.3a5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27741a04.3a5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
27751a04.3a5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
27761a04.3a5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
27771a04.3a5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27781a04.3a5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27791a04.3a5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27801a04.3a5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27811a04.3a5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
27821a04.3a5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
27831a04.3a5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27841a04.3a5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27851a04.3a5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27861a04.3a5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27871a04.3a5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
27881a04.3a5c: supR3HardenedDllNotificationCallback: load 00007ffb70aa0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
27891a04.3a5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
27901a04.3a5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb70aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
27911a04.3a5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c920000 'C:\WINDOWS\system32\User32.dll'
27921a04.2658: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
27931a04.2658: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27941a04.2658: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
27951a04.2658: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27961a04.2658: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
27971a04.2658: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
27981a04.2658: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27991a04.2658: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28001a04.2658: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
28011a04.2658: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
28021a04.2658: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28031a04.2658: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28041a04.2658: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28051a04.2658: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
28061a04.2658: supR3HardenedDllNotificationCallback: load 00007ffb704f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
28071a04.2658: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
28081a04.2658: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb704f0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
28091a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
28101a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28111a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
28121a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28131a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'.
28141a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'.
28151a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
28161a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
28171a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
28181a04.3074: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll) WinVerifyTrust
28191a04.3074: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
28201a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28211a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28221a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28231a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28241a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28251a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28261a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'...
28271a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxoglrenderspu.dll' [rcNtRedir=0xc0150008]
28281a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
28291a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28301a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
28311a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28321a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
28331a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
28341a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
28351a04.3074: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll) WinVerifyTrust
28361a04.3074: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
28371a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
28381a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
28391a04.3074: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28401a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28411a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28421a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
28431a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
28441a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28451a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28461a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
28471a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
28481a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28491a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28501a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28511a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28521a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
28531a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
28541a04.3074: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'.
28551a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28561a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28571a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
28581a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
28591a04.3074: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll)
28601a04.3074: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
28611a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28621a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28631a04.3074: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
28641a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28651a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28661a04.3074: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
28671a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
28681a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
28691a04.3074: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
28701a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28711a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28721a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28731a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28741a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
28751a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28761a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28771a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
28781a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
28791a04.3074: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll) WinVerifyTrust
28801a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28811a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28821a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28831a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28841a04.3074: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
28851a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
28861a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
28871a04.3074: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
28881a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28891a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28901a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28911a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28921a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28931a04.3074: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
28941a04.3074: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
28951a04.3074: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
28961a04.3074: supR3HardenedDllNotificationCallback: load 00007ffb70460000 LB 0x0002f000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [fFlags=0x0]
28971a04.3074: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
28981a04.3074: supR3HardenedDllNotificationCallback: load 00007ffb70430000 LB 0x00026000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [fFlags=0x0]
28991a04.3074: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
29001a04.3074: supR3HardenedDllNotificationCallback: load 00007ffb585f0000 LB 0x00112000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [fFlags=0x0]
29011a04.3074: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
29021a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb585f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL'
29031a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
29041a04.3074: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'
29051a04.3074: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
29061a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29071a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb70430000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll'
29081a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
29091a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29101a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
29111a04.3074: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll) WinVerifyTrust
29121a04.3074: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
29131a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
29141a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
29151a04.3074: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
29161a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29171a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29181a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29191a04.3074: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
29201a04.3074: supR3HardenedDllNotificationCallback: load 00007ffb70410000 LB 0x0001a000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [fFlags=0x0]
29211a04.3074: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
29221a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb70410000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll'
29231a04.3074: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
29241a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29251a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb43310000 'C:\WINDOWS\system32/opengl32.dll'
29261a04.3074: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
29271a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29281a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb43310000 'C:\WINDOWS\System32\OPENGL32.dll'
29291a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a8d0000 'C:\WINDOWS\System32\gdi32.dll'
29301a04.3074: \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvbl.inf_amd64_5d8c77eb01b0593c\nvinitx.dll: Owner is administrators group.
29311a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
29321a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
29331a04.3074: supHardenedWinVerifyImageByHandle: -> -23303 (\Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvbl.inf_amd64_5d8c77eb01b0593c\nvinitx.dll) WinVerifyTrust
29341a04.3074: Error (rc=0):
29351a04.3074: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -23303 (0xffffa4f9) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvbl.inf_amd64_5d8c77eb01b0593c\nvinitx.dll: fKeyUsage=0x0, missing 0x1: \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvbl.inf_amd64_5d8c77eb01b0593c\nvinitx.dll
29361a04.3074: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvbl.inf_amd64_5d8c77eb01b0593c\nvinitx.dll
29371a04.3074: Error (rc=0):
29381a04.3074: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\System32\DriverStore\FileRepository\nvbl.inf_amd64_5d8c77eb01b0593c\nvinitx.dll' (C:\WINDOWS\System32\DriverStore\FileRepository\nvbl.inf_amd64_5d8c77eb01b0593c\nvinitx.dll): rcNt=0xc0000190
29391a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\System32\DriverStore\FileRepository\nvbl.inf_amd64_5d8c77eb01b0593c\nvinitx.dll'
29401a04.3074: \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\ki129866.inf_amd64_e7cdca9882c16f55\ig9icd64.dll: Owner is administrators group.
29411a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
29421a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
29431a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
29441a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dxgi.dll'.
29451a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
29461a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
29471a04.3074: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\ki129866.inf_amd64_e7cdca9882c16f55\ig9icd64.dll) WinVerifyTrust
29481a04.3074: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\ki129866.inf_amd64_e7cdca9882c16f55\ig9icd64.dll
29491a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29501a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29511a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
29521a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
29531a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
29541a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
29551a04.3074: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [redoing WinVerifyTrust]
29561a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
29571a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
29581a04.3074: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'
29591a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
29601a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
29611a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\ki129866.inf_amd64_e7cdca9882c16f55\ig9icd64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29621a04.3074: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\ki129866.inf_amd64_e7cdca9882c16f55\ig9icd64.dll
29631a04.3074: supR3HardenedDllNotificationCallback: load 00007ffb257f0000 LB 0x00edb000 C:\WINDOWS\System32\DriverStore\FileRepository\ki129866.inf_amd64_e7cdca9882c16f55\ig9icd64.dll [fFlags=0x0]
29641a04.3074: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\ki129866.inf_amd64_e7cdca9882c16f55\ig9icd64.dll
29651a04.3074: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
29661a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29671a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-synch-l1-2-0'
29681a04.3074: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
29691a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29701a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-fibers-l1-1-1'
29711a04.3074: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
29721a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29731a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-synch-l1-2-0'
29741a04.3074: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
29751a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29761a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-fibers-l1-1-1'
29771a04.3074: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
29781a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29791a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-localization-l1-2-1'
29801a04.3074: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
29811a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29821a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7cb60000 'C:\WINDOWS\System32\kernel32.dll'
29831a04.3074: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
29841a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29851a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-string-l1-1-0'
29861a04.3074: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
29871a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29881a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-datetime-l1-1-1'
29891a04.3074: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
29901a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29911a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-localization-obsolete-l1-2-0'
29921a04.3074: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
29931a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OpenGL32.dll (Input=OpenGL32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29941a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb43310000 'C:\WINDOWS\System32\OpenGL32.dll'
29951a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c920000 'C:\WINDOWS\System32\User32.dll'
29961a04.3074: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
29971a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29981a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb77c20000 'C:\WINDOWS\System32\dwmapi.dll'
29991a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb257f0000 'C:\WINDOWS\System32\DriverStore\FileRepository\ki129866.inf_amd64_e7cdca9882c16f55\ig9icd64.dll'
30001a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a8d0000 'C:\WINDOWS\System32\gdi32.dll'
30011a04.3074: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-core-resourcepolicy-l1-1-0.dll) -> 0x0, fPresent=1
30021a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-core-resourcepolicy-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30031a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30041a04.3074: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
30051a04.3074: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll)
30061a04.3074: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll
30071a04.3074: supR3HardenedDllNotificationCallback: load 00007ffb77d30000 LB 0x00022000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
30081a04.3074: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
30091a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb77d30000 'ext-ms-win-core-resourcepolicy-l1-1-0.dll'
30101a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30111a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30121a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30131a04.3074: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30141a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
30151a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
30161a04.3074: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll'
30171a04.3074: supR3HardenedDllNotificationCallback: Unload 00007ffb77d30000 LB 0x00022000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [flags=0x0]
30181a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a8d0000 'C:\WINDOWS\System32\gdi32.dll'
30191a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a8d0000 'C:\WINDOWS\System32\gdi32.dll'
30201a04.3074: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
30211a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30221a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb43310000 'C:\WINDOWS\System32\OPENGL32.dll'
30231a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb43310000 'C:\WINDOWS\System32\OPENGL32.dll'
30241a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb43310000 'C:\WINDOWS\System32\OPENGL32.dll'
30251a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb43310000 'C:\WINDOWS\System32\OPENGL32.dll'
30261a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb43310000 'C:\WINDOWS\System32\OPENGL32.dll'
30271a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb43310000 'C:\WINDOWS\System32\OPENGL32.dll'
30281a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb43310000 'C:\WINDOWS\System32\OPENGL32.dll'
30291a04.3074: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll
30301a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\version.dll (Input=version.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30311a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78890000 'C:\WINDOWS\System32\version.dll'
30321a04.3074: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Program Files\Oracle\VirtualBox\igc64.dll': 0 (NtPath=\??\C:\Program Files\Oracle\VirtualBox\igc64.dll; Input=C:\Program Files\Oracle\VirtualBox\igc64.dll; rcNtGetDll=0x0
30331a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Program Files\Oracle\VirtualBox\igc64.dll'
30341a04.3074: \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\ki129866.inf_amd64_e7cdca9882c16f55\igc64.dll: Owner is administrators group.
30351a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
30361a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
30371a04.3074: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\ki129866.inf_amd64_e7cdca9882c16f55\igc64.dll) WinVerifyTrust
30381a04.3074: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\ki129866.inf_amd64_e7cdca9882c16f55\igc64.dll
30391a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\ki129866.inf_amd64_e7cdca9882c16f55\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30401a04.3074: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\ki129866.inf_amd64_e7cdca9882c16f55\igc64.dll
30411a04.3074: supR3HardenedDllNotificationCallback: load 00007ffb6a590000 LB 0x01ebe000 C:\WINDOWS\System32\DriverStore\FileRepository\ki129866.inf_amd64_e7cdca9882c16f55\igc64.dll [fFlags=0x0]
30421a04.3074: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\ki129866.inf_amd64_e7cdca9882c16f55\igc64.dll
30431a04.3074: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
30441a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30451a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-synch-l1-2-0'
30461a04.3074: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
30471a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30481a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-fibers-l1-1-1'
30491a04.3074: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
30501a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30511a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-localization-l1-2-1'
30521a04.3074: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
30531a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30541a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7cb60000 'C:\WINDOWS\System32\kernel32.dll'
30551a04.3074: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
30561a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30571a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-string-l1-1-0'
30581a04.3074: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
30591a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30601a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-datetime-l1-1-1'
30611a04.3074: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
30621a04.3074: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30631a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79be0000 'api-ms-win-core-localization-obsolete-l1-2-0'
30641a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb6a590000 'C:\WINDOWS\System32\DriverStore\FileRepository\ki129866.inf_amd64_e7cdca9882c16f55\igc64.dll'
30651a04.3074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb43310000 'C:\WINDOWS\System32\OPENGL32.dll'
30661a04.a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\ki129866.inf_amd64_e7cdca9882c16f55\ig9icd64.dll
30671a04.a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\ki129866.inf_amd64_e7cdca9882c16f55\ig9icd64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
30681a04.a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb257f0000 'C:\WINDOWS\System32\DriverStore\FileRepository\ki129866.inf_amd64_e7cdca9882c16f55\ig9icd64.dll'
30691a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7ae70000 'C:\WINDOWS\system32\Shell32.dll'
30701a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
30711a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
30721a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30731a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
30741a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
30751a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
30761a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
30771a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
30781a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
30791a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
30801a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
30811a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
30821a04.2c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
30831a04.2c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
30841a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
30851a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
30861a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
30871a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
30881a04.2c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
30891a04.2c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
30901a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
30911a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
30921a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
30931a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
30941a04.2c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
30951a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
30961a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
30971a04.2c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
30981a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30991a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31001a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
31011a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
31021a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
31031a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31041a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31051a04.2c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
31061a04.2c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
31071a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
31081a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
31091a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31101a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31111a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31121a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31131a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
31141a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31151a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31161a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
31171a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
31181a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
31191a04.2c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
31201a04.2c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
31211a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31221a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31231a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
31241a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
31251a04.2c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
31261a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31271a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31281a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31291a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31301a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
31311a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
31321a04.2c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
31331a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31341a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31351a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31361a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31371a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31381a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31391a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31401a04.2c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
31411a04.2c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
31421a04.2c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
31431a04.2c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
31441a04.2c50: supR3HardenedDllNotificationCallback: load 00007ffb22fe0000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
31451a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
31461a04.2c50: supR3HardenedDllNotificationCallback: load 00007ffb703b0000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
31471a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
31481a04.2c50: supR3HardenedDllNotificationCallback: load 00007ffb78d70000 LB 0x00039000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
31491a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
31501a04.2c50: supR3HardenedDllNotificationCallback: load 00007ffb31a90000 LB 0x009d7000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
31511a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
31521a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb31a90000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
31531a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
31541a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
31551a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31561a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23050000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
31571a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
31581a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
31591a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31601a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb703b0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
31611a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
31621a04.22c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
31631a04.22c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31641a04.22c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
31651a04.22c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
31661a04.22c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
31671a04.22c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
31681a04.22c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31691a04.22c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31701a04.22c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
31711a04.22c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
31721a04.22c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
31731a04.22c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31741a04.22c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31751a04.22c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31761a04.22c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
31771a04.22c0: supR3HardenedDllNotificationCallback: load 00007ffb6fc30000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
31781a04.22c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
31791a04.22c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb6fc30000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
31801a04.6a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
31811a04.6a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31821a04.6a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
31831a04.6a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
31841a04.6a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
31851a04.6a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
31861a04.6a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
31871a04.6a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31881a04.6a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31891a04.6a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
31901a04.6a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
31911a04.6a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
31921a04.6a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
31931a04.6a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
31941a04.6a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31951a04.6a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31961a04.6a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31971a04.6a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
31981a04.6a4: supR3HardenedDllNotificationCallback: load 00007ffb704e0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
31991a04.6a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
32001a04.6a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb704e0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
32011a04.256c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
32021a04.256c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32031a04.256c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
32041a04.256c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
32051a04.256c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
32061a04.256c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
32071a04.256c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32081a04.256c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32091a04.256c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
32101a04.256c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
32111a04.256c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32121a04.256c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32131a04.256c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32141a04.256c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
32151a04.256c: supR3HardenedDllNotificationCallback: load 00007ffb6fc20000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
32161a04.256c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
32171a04.256c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb6fc20000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
32181a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
32191a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32201a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78d70000 'C:\WINDOWS\system32\Iphlpapi.dll'
32211a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
32221a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
32231a04.2c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll)
32241a04.2c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
32251a04.2c50: supR3HardenedDllNotificationCallback: load 00007ffb7c360000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
32261a04.2c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
32271a04.2c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
32281a04.2c50: supR3HardenedDllNotificationCallback: load 00007ffb753a0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
32291a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
32301a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
32311a04.2c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll)
32321a04.2c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
32331a04.2c50: supR3HardenedDllNotificationCallback: load 00007ffb74af0000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
32341a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
32351a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
32361a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
32371a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
32381a04.2c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll)
32391a04.2c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
32401a04.2c50: supR3HardenedDllNotificationCallback: load 00007ffb74ad0000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
32411a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
32421a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010fc pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
32431a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
32441a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
32451a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0979042666D2FF6A450082A737154F788178270
32461a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
32471a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
32481a04.2c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
32491a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
32501a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
32511a04.2c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
32521a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32531a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32541a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32551a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32561a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
32571a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
32581a04.2c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
32591a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32601a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32611a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
32621a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
32631a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
32641a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32651a04.2c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
32661a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010f4 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
32671a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
32681a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
32691a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=839F90BCFF138802B805D9F6439239CC98023804
32701a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
32711a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
32721a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
32731a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32741a04.2c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
32751a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
32761a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
32771a04.2c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll'
32781a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
32791a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
32801a04.2c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'
32811a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
32821a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
32831a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32841a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
32851a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'devobj.dll'.
32861a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'propsys.dll'.
32871a04.2c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll) WinVerifyTrust
32881a04.2c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
32891a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
32901a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
32911a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
32921a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
32931a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32941a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
32951a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
32961a04.2c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\propsys.dll) WinVerifyTrust
32971a04.2c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\propsys.dll
32981a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
32991a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
33001a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33011a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33021a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
33031a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
33041a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33051a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33061a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
33071a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
33081a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011e0 pwszName=\Device\HarddiskVolume4\Windows\System32\twinapi.dll
33091a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
33101a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
33111a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'cfgmgr32.dll'.
33121a04.2c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll) WinVerifyTrust
33131a04.2c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
33141a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33151a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AE12850CDDFA8F78AF155FA781DB313A8B08A82D
33161a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33171a04.2c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
33181a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33191a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33201a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
33211a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
33221a04.2c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
33231a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
33241a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
33251a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
33261a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
33271a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1343_for_KB4483232~31bf3856ad364e35~amd64~~10.0.1.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\twinapi.dll'
33281a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33291a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33301a04.2c50: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
33311a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33321a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
33331a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'.
33341a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'textinputframework.dll'.
33351a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.dll) WinVerifyTrust
33361a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.dll
33371a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'textinputframework.dll'...
33381a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33391a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
33401a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'textinputframework.dll' -> '\Device\HarddiskVolume4\Windows\System32\textinputframework.dll' [rcNtRedir=0xc0150008]
33411a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
33421a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
33431a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
33441a04.2c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
33451a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
33461a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
33471a04.3a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
33481a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\twinapi.dll (Input=twinapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33491a04.2c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
33501a04.2c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
33511a04.2c50: supR3HardenedDllNotificationCallback: load 00007ffb79560000 LB 0x00027000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
33521a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
33531a04.2c50: supR3HardenedDllNotificationCallback: load 00007ffb75ad0000 LB 0x001b1000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
33541a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
33551a04.2c50: supR3HardenedDllNotificationCallback: load 00007ffb71d40000 LB 0x0006f000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
33561a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
33571a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb71d40000 'C:\WINDOWS\System32\MMDevApi.dll'
33581a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.dll
33591a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb500a0000 LB 0x00081000 C:\WINDOWS\System32\twinapi.dll [fFlags=0x0]
33601a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.dll
33611a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb500a0000 'C:\WINDOWS\System32\twinapi.dll'
33621a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001264 pwszName=\Device\HarddiskVolume4\Windows\System32\dsound.dll
33631a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
33641a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
33651a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=149E0A5A40CD1471B9EF3D3043A8C754805FEC76
33661a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
33671a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
33681a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\dsound.dll'
33691a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33701a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33711a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
33721a04.2c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dsound.dll) WinVerifyTrust
33731a04.2c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dsound.dll
33741a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
33751a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
33761a04.2c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
33771a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33781a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33791a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
33801a04.2c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
33811a04.2c50: supR3HardenedDllNotificationCallback: load 00007ffb46dd0000 LB 0x0008f000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
33821a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
33831a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
33841a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
33851a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb46dd0000 'C:\WINDOWS\System32\dsound.dll'
33861a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb46dd0000 'C:\WINDOWS\System32\dsound.dll'
33871a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
33881a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33891a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb46dd0000 'C:\WINDOWS\system32\dsound.dll'
33901a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
33911a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33921a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb71d40000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
33931a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
33941a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
33951a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74c80000 'C:\WINDOWS\System32\winmm.dll'
33961a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001290 pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv
33971a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
33981a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
33991a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=47392EB8EC6AC07C788B971D8BB592B6FD619920
34001a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
34011a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
34021a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv'
34031a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34041a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34051a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
34061a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
34071a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
34081a04.2c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv) WinVerifyTrust
34091a04.2c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
34101a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
34111a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
34121a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
34131a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
34141a04.2c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll) WinVerifyTrust
34151a04.2c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll
34161a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
34171a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
34181a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
34191a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34201a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
34211a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
34221a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34231a04.2c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll) WinVerifyTrust
34241a04.2c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll
34251a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
34261a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
34271a04.2c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
34281a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34291a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34301a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34311a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34321a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34331a04.2c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
34341a04.2c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
34351a04.2c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
34361a04.2c50: supR3HardenedDllNotificationCallback: load 00007ffb58350000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
34371a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
34381a04.2c50: supR3HardenedDllNotificationCallback: load 00007ffb74b10000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
34391a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
34401a04.2c50: supR3HardenedDllNotificationCallback: load 00007ffb28250000 LB 0x00042000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
34411a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
34421a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb28250000 'C:\WINDOWS\System32\wdmaud.drv'
34431a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
34441a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34451a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb28250000 'C:\WINDOWS\System32\wdmaud.drv'
34461a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
34471a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34481a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb28250000 'C:\WINDOWS\System32\wdmaud.drv'
34491a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
34501a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34511a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb28250000 'C:\WINDOWS\System32\wdmaud.drv'
34521a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
34531a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34541a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb28250000 'C:\WINDOWS\System32\wdmaud.drv'
34551a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
34561a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
34571a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
34581a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
34591a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
34601a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'mmdevapi.dll'.
34611a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'avrt.dll'.
34621a04.2c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll) WinVerifyTrust
34631a04.2c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
34641a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
34651a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
34661a04.2c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
34671a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
34681a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
34691a04.2c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
34701a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
34711a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
34721a04.2c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
34731a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
34741a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34751a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
34761a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
34771a04.2c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
34781a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
34791a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
34801a04.2c50: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'
34811a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34821a04.2c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
34831a04.2c50: supR3HardenedDllNotificationCallback: load 00007ffb6fc70000 LB 0x00122000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
34841a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
34851a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb6fc70000 'C:\WINDOWS\System32\AUDIOSES.DLL'
34861a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
34871a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34881a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb28250000 'C:\WINDOWS\System32\wdmaud.drv'
34891a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
34901a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
34911a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb28250000 'C:\WINDOWS\System32\wdmaud.drv'
34921a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb28250000 'C:\WINDOWS\System32\wdmaud.drv'
34931a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb28250000 'C:\WINDOWS\System32\wdmaud.drv'
34941a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb28250000 'C:\WINDOWS\System32\wdmaud.drv'
34951a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb28250000 'C:\WINDOWS\System32\wdmaud.drv'
34961a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001100 pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv
34971a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
34981a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
34991a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8069FA07F8A743E03BD7E2DA392DE4429701D8E6
35001a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
35011a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
35021a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv'
35031a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35041a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35051a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
35061a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
35071a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
35081a04.2c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv) WinVerifyTrust
35091a04.2c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv
35101a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
35111a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
35121a04.2c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
35131a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
35141a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
35151a04.2c50: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'
35161a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
35171a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
35181a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
35191a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
35201a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35211a04.2c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll) WinVerifyTrust
35221a04.2c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll
35231a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
35241a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
35251a04.2c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
35261a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35271a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35281a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35291a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35301a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35311a04.2c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
35321a04.2c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
35331a04.2c50: supR3HardenedDllNotificationCallback: load 00007ffb28230000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
35341a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
35351a04.2c50: supR3HardenedDllNotificationCallback: load 00007ffb33320000 LB 0x0000c000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
35361a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
35371a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33320000 'C:\WINDOWS\System32\msacm32.drv'
35381a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
35391a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35401a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33320000 'C:\WINDOWS\System32\msacm32.drv'
35411a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
35421a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35431a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33320000 'C:\WINDOWS\System32\msacm32.drv'
35441a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
35451a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35461a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33320000 'C:\WINDOWS\System32\msacm32.drv'
35471a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
35481a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35491a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33320000 'C:\WINDOWS\System32\msacm32.drv'
35501a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
35511a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35521a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33320000 'C:\WINDOWS\System32\msacm32.drv'
35531a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
35541a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35551a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33320000 'C:\WINDOWS\System32\msacm32.drv'
35561a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33320000 'C:\WINDOWS\System32\msacm32.drv'
35571a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33320000 'C:\WINDOWS\System32\msacm32.drv'
35581a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb33320000 'C:\WINDOWS\System32\msacm32.drv'
35591a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012f8 pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll
35601a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
35611a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
35621a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=725292B88FCE45C617EE0258A333B14CA2D7EF04
35631a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
35641a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
35651a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll'
35661a04.2c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35671a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35681a04.2c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
35691a04.2c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll) WinVerifyTrust
35701a04.2c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll
35711a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
35721a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
35731a04.2c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
35741a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35751a04.2c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35761a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35771a04.2c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
35781a04.2c50: supR3HardenedDllNotificationCallback: load 00007ffb28220000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
35791a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
35801a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb28220000 'C:\WINDOWS\System32\midimap.dll'
35811a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
35821a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35831a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb28220000 'C:\WINDOWS\System32\midimap.dll'
35841a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
35851a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35861a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb28220000 'C:\WINDOWS\System32\midimap.dll'
35871a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
35881a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
35891a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb28220000 'C:\WINDOWS\System32\midimap.dll'
35901a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74c80000 'C:\WINDOWS\System32\winmm.dll'
35911a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74c80000 'C:\WINDOWS\System32\winmm.dll'
35921a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74c80000 'C:\WINDOWS\System32\winmm.dll'
35931a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74c80000 'C:\WINDOWS\System32\winmm.dll'
35941a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74c80000 'C:\WINDOWS\System32\winmm.dll'
35951a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74c80000 'C:\WINDOWS\System32\winmm.dll'
35961a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74c80000 'C:\WINDOWS\System32\winmm.dll'
35971a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
35981a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35991a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74c80000 'C:\WINDOWS\System32\winmm.dll'
36001a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74c80000 'C:\WINDOWS\System32\winmm.dll'
36011a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74c80000 'C:\WINDOWS\System32\winmm.dll'
36021a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74c80000 'C:\WINDOWS\System32\winmm.dll'
36031a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
36041a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36051a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb46dd0000 'C:\WINDOWS\system32\dsound.dll'
36061a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74c80000 'C:\WINDOWS\System32\winmm.dll'
36071a04.2c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
36081a04.2c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36091a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb46dd0000 'C:\WINDOWS\system32\dsound.dll'
36101a04.2c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74c80000 'C:\WINDOWS\System32\winmm.dll'
36111a04.1a60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
36121a04.1a60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a0a0000 'C:\Windows\System32\WINTRUST.DLL'
36131a04.1a60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\CRYPT32.dll'
36141a04.1a60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
36151a04.1a60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36161a04.1a60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
36171a04.1a60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'combase.dll'.
36181a04.1a60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shcore.dll'.
36191a04.1a60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
36201a04.1a60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'textinputframework.dll'.
36211a04.1a60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'user32.dll'.
36221a04.1a60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\Windows.UI.dll) WinVerifyTrust
36231a04.1a60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\Windows.UI.dll
36241a04.1a60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
36251a04.1a60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
36261a04.1a60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
36271a04.1a60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'textinputframework.dll'...
36281a04.1a60: supR3HardenedWinVerifyCacheProcessImportTodos: 'textinputframework.dll' -> '\Device\HarddiskVolume4\Windows\System32\textinputframework.dll' [rcNtRedir=0xc0150008]
36291a04.1a60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
36301a04.1a60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
36311a04.1a60: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
36321a04.1a60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
36331a04.1a60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
36341a04.1a60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
36351a04.1a60: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll'
36361a04.1a60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
36371a04.1a60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
36381a04.1a60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
36391a04.1a60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
36401a04.1a60: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
36411a04.1a60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
36421a04.1a60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
36431a04.1a60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36441a04.1a60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36451a04.1a60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.UI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
36461a04.1a60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\Windows.UI.dll
36471a04.1a60: supR3HardenedDllNotificationCallback: load 00007ffb60d50000 LB 0x00107000 C:\Windows\System32\Windows.UI.dll [fFlags=0x0]
36481a04.1a60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\Windows.UI.dll
36491a04.1a60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb60d50000 'C:\Windows\System32\Windows.UI.dll'
36501a04.1f28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
36511a04.1f28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
36521a04.1f28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb74b10000 'C:\WINDOWS\System32\avrt.dll'
36531a04.91c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
36541a04.91c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
36551a04.91c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'.
36561a04.91c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
36571a04.91c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mswsock.dll) WinVerifyTrust
36581a04.91c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mswsock.dll
36591a04.91c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
36601a04.91c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
36611a04.91c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
36621a04.91c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
36631a04.91c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36641a04.91c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
36651a04.91c: supR3HardenedDllNotificationCallback: load 00007ffb78fe0000 LB 0x00066000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
36661a04.91c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
36671a04.91c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78fe0000 'C:\WINDOWS\system32\mswsock.dll'
36681a04.2f88: supR3HardenedDllNotificationCallback: Unload 00007ffb60d50000 LB 0x00107000 C:\Windows\System32\Windows.UI.dll [flags=0x0]
36691a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000015f0 pwszName=\Device\HarddiskVolume4\Windows\System32\ninput.dll
36701a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000029760b0
36711a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000029760b0
36721a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a0a0000 'C:\Windows\System32\WINTRUST.DLL'
36731a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\CRYPT32.dll'
36741a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2ED02DC41E28BA3551A449FBB9D3BA2BB179EEEC
36751a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb78be0000 'C:\WINDOWS\system32\rsaenh.dll'
36761a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79910000 'C:\WINDOWS\System32\crypt32.dll'
36771a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1333_for_KB4483232~31bf3856ad364e35~amd64~~10.0.1.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\ninput.dll'
36781a04.3a64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
36791a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36801a04.3a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'oleaut32.dll'.
36811a04.3a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ninput.dll) WinVerifyTrust
36821a04.3a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ninput.dll
36831a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
36841a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
36851a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36861a04.3a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36871a04.3a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Ninput.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36881a04.3a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ninput.dll
36891a04.3a64: supR3HardenedDllNotificationCallback: load 00007ffb6ff20000 LB 0x00063000 C:\WINDOWS\system32\Ninput.dll [fFlags=0x0]
36901a04.3a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ninput.dll
36911a04.3a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb6ff20000 'C:\WINDOWS\system32\Ninput.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy