VirtualBox

Ticket #18839: VBoxHardeningExistingMachine.log

File VBoxHardeningExistingMachine.log, 248.1 KB (added by nthexwn, 5 years ago)

Log file for existing machine

Line 
12908.3334: Log file opened: 6.0.10r132072 g_hStartupLog=0000000000000084 g_uNtVerCombined=0xa03fab00
22908.3334: \SystemRoot\System32\ntdll.dll:
32908.3334: CreationTime: 2019-02-19T23:20:37.269069900Z
42908.3334: LastWriteTime: 2019-01-05T08:23:47.864793200Z
52908.3334: ChangeTime: 2019-07-17T01:04:26.663796100Z
62908.3334: FileAttributes: 0x20
72908.3334: Size: 0x1dd0a8
82908.3334: NT Headers: 0xe0
92908.3334: Timestamp: 0x95231a81
102908.3334: Machine: 0x8664 - amd64
112908.3334: Timestamp: 0x95231a81
122908.3334: Image Version: 10.0
132908.3334: SizeOfImage: 0x1e0000 (1966080)
142908.3334: Resource Dir: 0x174000 LB 0x6a288
152908.3334: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
162908.3334: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
172908.3334: ProductName: Microsoft® Windows® Operating System
182908.3334: ProductVersion: 10.0.16299.936
192908.3334: FileVersion: 10.0.16299.936 (WinBuild.160101.0800)
202908.3334: FileDescription: NT Layer DLL
212908.3334: \SystemRoot\System32\kernel32.dll:
222908.3334: CreationTime: 2019-05-21T01:32:56.082859700Z
232908.3334: LastWriteTime: 2019-05-03T07:55:54.749648200Z
242908.3334: ChangeTime: 2019-07-17T01:04:26.619791100Z
252908.3334: FileAttributes: 0x20
262908.3334: Size: 0xab8e0
272908.3334: NT Headers: 0xe8
282908.3334: Timestamp: 0x374da198
292908.3334: Machine: 0x8664 - amd64
302908.3334: Timestamp: 0x374da198
312908.3334: Image Version: 10.0
322908.3334: SizeOfImage: 0xae000 (712704)
332908.3334: Resource Dir: 0xac000 LB 0x520
342908.3334: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
352908.3334: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
362908.3334: ProductName: Microsoft® Windows® Operating System
372908.3334: ProductVersion: 10.0.16299.1146
382908.3334: FileVersion: 10.0.16299.1146 (WinBuild.160101.0800)
392908.3334: FileDescription: Windows NT BASE API Client DLL
402908.3334: \SystemRoot\System32\KernelBase.dll:
412908.3334: CreationTime: 2019-07-17T00:59:33.124557800Z
422908.3334: LastWriteTime: 2019-07-05T03:15:28.590486000Z
432908.3334: ChangeTime: 2019-07-17T21:21:39.756030400Z
442908.3334: FileAttributes: 0x20
452908.3334: Size: 0x265e70
462908.3334: NT Headers: 0xf0
472908.3334: Timestamp: 0x49c1d529
482908.3334: Machine: 0x8664 - amd64
492908.3334: Timestamp: 0x49c1d529
502908.3334: Image Version: 10.0
512908.3334: SizeOfImage: 0x266000 (2514944)
522908.3334: Resource Dir: 0x245000 LB 0x548
532908.3334: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
542908.3334: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
552908.3334: ProductName: Microsoft® Windows® Operating System
562908.3334: ProductVersion: 10.0.16299.1268
572908.3334: FileVersion: 10.0.16299.1268 (WinBuild.160101.0800)
582908.3334: FileDescription: Windows NT BASE API Client DLL
592908.3334: \SystemRoot\System32\apisetschema.dll:
602908.3334: CreationTime: 2018-10-23T21:09:19.305566100Z
612908.3334: LastWriteTime: 2018-07-18T03:26:42.333897700Z
622908.3334: ChangeTime: 2019-07-17T01:04:26.708937400Z
632908.3334: FileAttributes: 0x20
642908.3334: Size: 0x1b3b8
652908.3334: NT Headers: 0xc8
662908.3334: Timestamp: 0x35fd1902
672908.3334: Machine: 0x8664 - amd64
682908.3334: Timestamp: 0x35fd1902
692908.3334: Image Version: 10.0
702908.3334: SizeOfImage: 0x1c000 (114688)
712908.3334: Resource Dir: 0x1b000 LB 0x408
722908.3334: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
732908.3334: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
742908.3334: ProductName: Microsoft® Windows® Operating System
752908.3334: ProductVersion: 10.0.16299.579
762908.3334: FileVersion: 10.0.16299.579 (WinBuild.160101.0800)
772908.3334: FileDescription: ApiSet Schema DLL
782908.3334: NtOpenDirectoryObject failed on \Driver: 0xc0000022
792908.3334: supR3HardenedWinFindAdversaries: 0x8000
802908.3334: \SystemRoot\System32\drivers\cyprotectdrv64.sys:
812908.3334: CreationTime: 2018-10-23T18:38:39.299456700Z
822908.3334: LastWriteTime: 2019-04-22T16:04:18.065802400Z
832908.3334: ChangeTime: 2019-08-15T06:50:36.055842400Z
842908.3334: FileAttributes: 0x20
852908.3334: Size: 0x33bd8
862908.3334: NT Headers: 0xf8
872908.3334: Timestamp: 0x5c896666
882908.3334: Machine: 0x8664 - amd64
892908.3334: Timestamp: 0x5c896666
902908.3334: Image Version: 6.1
912908.3334: SizeOfImage: 0x135000 (1265664)
922908.3334: Resource Dir: 0x133000 LB 0x2f8
932908.3334: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
942908.3334: [Raw version resource data: 0x133060 LB 0x294, codepage 0x0 (reserved 0x0)]
952908.3334: ProductName: CylancePROTECT
962908.3334: ProductVersion: 2.0.1530.4
972908.3334: FileVersion: 2.0.1530.4
982908.3334: FileDescription: Cylance Protect Driver
992908.3334: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1002908.3334: Calling main()
1012908.3334: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
1022908.3334: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1032908.3334: SUPR3HardenedMain: Respawn #1
1042908.3334: System32: \Device\HarddiskVolume4\Windows\System32
1052908.3334: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
1062908.3334: KnownDllPath: C:\WINDOWS\System32
1072908.3334: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
1082908.3334: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
1092908.3334: supR3HardNtEnableThreadCreation:
1102908.3334: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb06828e00 pvNtTerminateThread=00007ffb06850b20
1112908.3334: supR3HardenedWinDoReSpawn(1): New child 2d44.cec [kernel32].
1122908.3334: supR3HardNtChildGatherData: PebBaseAddress=0000000000834000 cbPeb=0x388
1132908.3334: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb067b0000 uNtDllChildAddr=00007ffb067b0000
1142908.3334: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb06828e00
1152908.3334: supR3HardenedWinSetupChildInit: Start child.
1162908.3334: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
1172908.3334: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 59 sleeps
1182908.3334: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1192908.3334: *0000000000000000-000000000063ffff 0x0001/0x0000 0x0000000
1202908.3334: *0000000000640000-000000000065ffff 0x0004/0x0004 0x0020000
1212908.3334: *0000000000660000-0000000000678fff 0x0002/0x0002 0x0040000
1222908.3334: 0000000000679000-000000000067ffff 0x0001/0x0000 0x0000000
1232908.3334: *0000000000680000-000000000077afff 0x0000/0x0004 0x0020000
1242908.3334: 000000000077b000-000000000077dfff 0x0104/0x0004 0x0020000
1252908.3334: 000000000077e000-000000000077ffff 0x0004/0x0004 0x0020000
1262908.3334: *0000000000780000-0000000000783fff 0x0002/0x0002 0x0040000
1272908.3334: 0000000000784000-000000000078ffff 0x0001/0x0000 0x0000000
1282908.3334: *0000000000790000-0000000000790fff 0x0004/0x0004 0x0020000
1292908.3334: 0000000000791000-00000000007fffff 0x0001/0x0000 0x0000000
1302908.3334: *0000000000800000-0000000000833fff 0x0000/0x0004 0x0020000
1312908.3334: 0000000000834000-0000000000836fff 0x0004/0x0004 0x0020000
1322908.3334: 0000000000837000-00000000009fffff 0x0000/0x0004 0x0020000
1332908.3334: 0000000000a00000-000000007ffdffff 0x0001/0x0000 0x0000000
1342908.3334: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1352908.3334: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
1362908.3334: 000000007fff0000-00007ff71421ffff 0x0001/0x0000 0x0000000
1372908.3334: *00007ff714220000-00007ff714242fff 0x0002/0x0002 0x0040000
1382908.3334: 00007ff714243000-00007ff71517ffff 0x0001/0x0000 0x0000000
1392908.3334: *00007ff715180000-00007ff715180fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1402908.3334: 00007ff715181000-00007ff7151f5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1412908.3334: 00007ff7151f6000-00007ff7151f6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1422908.3334: 00007ff7151f7000-00007ff71523dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1432908.3334: 00007ff71523e000-00007ff71523efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1442908.3334: 00007ff71523f000-00007ff71523ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1452908.3334: 00007ff715240000-00007ff715244fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1462908.3334: 00007ff715245000-00007ff715245fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1472908.3334: 00007ff715246000-00007ff715246fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1482908.3334: 00007ff715247000-00007ff71524afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1492908.3334: 00007ff71524b000-00007ff715293fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1502908.3334: 00007ff715294000-00007ffb067affff 0x0001/0x0000 0x0000000
1512908.3334: *00007ffb067b0000-00007ffb067b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1522908.3334: 00007ffb067b1000-00007ffb068c2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1532908.3334: 00007ffb068c3000-00007ffb06908fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1542908.3334: 00007ffb06909000-00007ffb06910fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1552908.3334: 00007ffb06911000-00007ffb0691efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1562908.3334: 00007ffb0691f000-00007ffb0691ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1572908.3334: 00007ffb06920000-00007ffb06922fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1582908.3334: 00007ffb06923000-00007ffb0698ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1592908.3334: 00007ffb06990000-00007ffffffdffff 0x0001/0x0000 0x0000000
1602908.3334: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
1612908.3334: VBoxHeadless.exe: timestamp 0x5d284665 (rc=VINF_SUCCESS)
1622908.3334: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
1632908.3334: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
1642908.3334: supR3HardNtChildPurify: Done after 539 ms and 0 fixes (loop #0).
1652d44.cec: Log file opened: 6.0.10r132072 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa03fab00
1662d44.cec: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb067b0000 g_uNtVerCombined=0xa03fab00
1672d44.cec: ntdll.dll: timestamp 0x95231a81 (rc=VINF_SUCCESS)
1682d44.cec: New simple heap: #1 0000000000b00000 LB 0x400000 (for 1966080 allocation)
1692908.3334: supR3HardNtEnableThreadCreation:
1702d44.cec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1712d44.cec: System32: \Device\HarddiskVolume4\Windows\System32
1722d44.cec: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
1732d44.cec: KnownDllPath: C:\WINDOWS\System32
1742d44.cec: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1752d44.cec: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1762d44.cec: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1772d44.cec: Registered Dll notification callback with NTDLL.
1782d44.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
1792d44.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1802d44.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
1812d44.cec: supR3HardenedDllNotificationCallback: load 00007ffb032c0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
1822d44.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
1832d44.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
1842d44.cec: supR3HardenedDllNotificationCallback: load 00007ffb04f60000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
1852d44.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1862d44.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb04f60000 'C:\WINDOWS\System32\KERNEL32.DLL'
1872d44.cec: supR3HardenedDllNotificationCallback: load 00007ff715180000 LB 0x00114000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
1882d44.cec: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
1892d44.cec: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
1902d44.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1912d44.cec: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb06828e00 pvNtTerminateThread=00007ffb06850b20
1922908.3334: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 60 ms.
1932d44.cec: \SystemRoot\System32\ntdll.dll:
1942d44.cec: CreationTime: 2019-02-19T23:20:37.269069900Z
1952d44.cec: LastWriteTime: 2019-01-05T08:23:47.864793200Z
1962d44.cec: ChangeTime: 2019-07-17T01:04:26.663796100Z
1972d44.cec: FileAttributes: 0x20
1982d44.cec: Size: 0x1dd0a8
1992d44.cec: NT Headers: 0xe0
2002d44.cec: Timestamp: 0x95231a81
2012d44.cec: Machine: 0x8664 - amd64
2022d44.cec: Timestamp: 0x95231a81
2032d44.cec: Image Version: 10.0
2042d44.cec: SizeOfImage: 0x1e0000 (1966080)
2052d44.cec: Resource Dir: 0x174000 LB 0x6a288
2062d44.cec: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2072d44.cec: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
2082d44.cec: ProductName: Microsoft® Windows® Operating System
2092d44.cec: ProductVersion: 10.0.16299.936
2102d44.cec: FileVersion: 10.0.16299.936 (WinBuild.160101.0800)
2112d44.cec: FileDescription: NT Layer DLL
2122d44.cec: \SystemRoot\System32\kernel32.dll:
2132d44.cec: CreationTime: 2019-05-21T01:32:56.082859700Z
2142d44.cec: LastWriteTime: 2019-05-03T07:55:54.749648200Z
2152d44.cec: ChangeTime: 2019-07-17T01:04:26.619791100Z
2162d44.cec: FileAttributes: 0x20
2172d44.cec: Size: 0xab8e0
2182d44.cec: NT Headers: 0xe8
2192d44.cec: Timestamp: 0x374da198
2202d44.cec: Machine: 0x8664 - amd64
2212d44.cec: Timestamp: 0x374da198
2222d44.cec: Image Version: 10.0
2232d44.cec: SizeOfImage: 0xae000 (712704)
2242d44.cec: Resource Dir: 0xac000 LB 0x520
2252d44.cec: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2262d44.cec: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2272d44.cec: ProductName: Microsoft® Windows® Operating System
2282d44.cec: ProductVersion: 10.0.16299.1146
2292d44.cec: FileVersion: 10.0.16299.1146 (WinBuild.160101.0800)
2302d44.cec: FileDescription: Windows NT BASE API Client DLL
2312d44.cec: \SystemRoot\System32\KernelBase.dll:
2322d44.cec: CreationTime: 2019-07-17T00:59:33.124557800Z
2332d44.cec: LastWriteTime: 2019-07-05T03:15:28.590486000Z
2342d44.cec: ChangeTime: 2019-07-17T21:21:39.756030400Z
2352d44.cec: FileAttributes: 0x20
2362d44.cec: Size: 0x265e70
2372d44.cec: NT Headers: 0xf0
2382d44.cec: Timestamp: 0x49c1d529
2392d44.cec: Machine: 0x8664 - amd64
2402d44.cec: Timestamp: 0x49c1d529
2412d44.cec: Image Version: 10.0
2422d44.cec: SizeOfImage: 0x266000 (2514944)
2432d44.cec: Resource Dir: 0x245000 LB 0x548
2442d44.cec: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2452d44.cec: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
2462d44.cec: ProductName: Microsoft® Windows® Operating System
2472d44.cec: ProductVersion: 10.0.16299.1268
2482d44.cec: FileVersion: 10.0.16299.1268 (WinBuild.160101.0800)
2492d44.cec: FileDescription: Windows NT BASE API Client DLL
2502d44.cec: \SystemRoot\System32\apisetschema.dll:
2512d44.cec: CreationTime: 2018-10-23T21:09:19.305566100Z
2522d44.cec: LastWriteTime: 2018-07-18T03:26:42.333897700Z
2532d44.cec: ChangeTime: 2019-07-17T01:04:26.708937400Z
2542d44.cec: FileAttributes: 0x20
2552d44.cec: Size: 0x1b3b8
2562d44.cec: NT Headers: 0xc8
2572d44.cec: Timestamp: 0x35fd1902
2582d44.cec: Machine: 0x8664 - amd64
2592d44.cec: Timestamp: 0x35fd1902
2602d44.cec: Image Version: 10.0
2612d44.cec: SizeOfImage: 0x1c000 (114688)
2622d44.cec: Resource Dir: 0x1b000 LB 0x408
2632d44.cec: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2642d44.cec: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
2652d44.cec: ProductName: Microsoft® Windows® Operating System
2662d44.cec: ProductVersion: 10.0.16299.579
2672d44.cec: FileVersion: 10.0.16299.579 (WinBuild.160101.0800)
2682d44.cec: FileDescription: ApiSet Schema DLL
2692d44.cec: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2702d44.cec: supR3HardenedWinFindAdversaries: 0x8000
2712d44.cec: \SystemRoot\System32\drivers\cyprotectdrv64.sys:
2722d44.cec: CreationTime: 2018-10-23T18:38:39.299456700Z
2732d44.cec: LastWriteTime: 2019-04-22T16:04:18.065802400Z
2742d44.cec: ChangeTime: 2019-08-15T06:50:36.055842400Z
2752d44.cec: FileAttributes: 0x20
2762d44.cec: Size: 0x33bd8
2772d44.cec: NT Headers: 0xf8
2782d44.cec: Timestamp: 0x5c896666
2792d44.cec: Machine: 0x8664 - amd64
2802d44.cec: Timestamp: 0x5c896666
2812d44.cec: Image Version: 6.1
2822d44.cec: SizeOfImage: 0x135000 (1265664)
2832d44.cec: Resource Dir: 0x133000 LB 0x2f8
2842d44.cec: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2852d44.cec: [Raw version resource data: 0x133060 LB 0x294, codepage 0x0 (reserved 0x0)]
2862d44.cec: ProductName: CylancePROTECT
2872d44.cec: ProductVersion: 2.0.1530.4
2882d44.cec: FileVersion: 2.0.1530.4
2892d44.cec: FileDescription: Cylance Protect Driver
2902d44.cec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2912d44.cec: Calling main()
2922d44.cec: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
2932d44.cec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2942d44.cec: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
2952d44.cec: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
2962d44.cec: SUPR3HardenedMain: Respawn #2
2972d44.cec: supR3HardNtEnableThreadCreation:
2982d44.cec: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
2992d44.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
3002d44.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3012d44.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3022d44.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb067b0000 'C:\WINDOWS\System32\ntdll.dll'
3032d44.cec: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb06828e00 pvNtTerminateThread=00007ffb06850b20
3042d44.cec: supR3HardenedWinDoReSpawn(2): New child 27c8.2a58 [kernel32].
3052d44.cec: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
3062d44.cec: supR3HardNtChildGatherData: PebBaseAddress=0000000000d09000 cbPeb=0x388
3072d44.cec: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb067b0000 uNtDllChildAddr=00007ffb067b0000
3082d44.cec: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb06828e00
3092d44.cec: supR3HardenedWinSetupChildInit: Start child.
3102d44.cec: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3112d44.cec: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 59 sleeps
3122d44.cec: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3132d44.cec: *0000000000000000-0000000000a7ffff 0x0001/0x0000 0x0000000
3142d44.cec: *0000000000a80000-0000000000a9ffff 0x0004/0x0004 0x0020000
3152d44.cec: *0000000000aa0000-0000000000ab8fff 0x0002/0x0002 0x0040000
3162d44.cec: 0000000000ab9000-0000000000abffff 0x0001/0x0000 0x0000000
3172d44.cec: *0000000000ac0000-0000000000bbafff 0x0000/0x0004 0x0020000
3182d44.cec: 0000000000bbb000-0000000000bbdfff 0x0104/0x0004 0x0020000
3192d44.cec: 0000000000bbe000-0000000000bbffff 0x0004/0x0004 0x0020000
3202d44.cec: *0000000000bc0000-0000000000bc3fff 0x0002/0x0002 0x0040000
3212d44.cec: 0000000000bc4000-0000000000bcffff 0x0001/0x0000 0x0000000
3222d44.cec: *0000000000bd0000-0000000000bd0fff 0x0004/0x0004 0x0020000
3232d44.cec: 0000000000bd1000-0000000000bfffff 0x0001/0x0000 0x0000000
3242d44.cec: *0000000000c00000-0000000000d08fff 0x0000/0x0004 0x0020000
3252d44.cec: 0000000000d09000-0000000000d0bfff 0x0004/0x0004 0x0020000
3262d44.cec: 0000000000d0c000-0000000000dfffff 0x0000/0x0004 0x0020000
3272d44.cec: 0000000000e00000-000000007ffdffff 0x0001/0x0000 0x0000000
3282d44.cec: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
3292d44.cec: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
3302d44.cec: 000000007fff0000-00007ff714d6ffff 0x0001/0x0000 0x0000000
3312d44.cec: *00007ff714d70000-00007ff714d92fff 0x0002/0x0002 0x0040000
3322d44.cec: 00007ff714d93000-00007ff71517ffff 0x0001/0x0000 0x0000000
3332d44.cec: *00007ff715180000-00007ff715180fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3342d44.cec: 00007ff715181000-00007ff7151f5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3352d44.cec: 00007ff7151f6000-00007ff7151f6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3362d44.cec: 00007ff7151f7000-00007ff71523dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3372d44.cec: 00007ff71523e000-00007ff71523efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3382d44.cec: 00007ff71523f000-00007ff71523ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3392d44.cec: 00007ff715240000-00007ff715244fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3402d44.cec: 00007ff715245000-00007ff715245fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3412d44.cec: 00007ff715246000-00007ff715246fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3422d44.cec: 00007ff715247000-00007ff71524afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3432d44.cec: 00007ff71524b000-00007ff715293fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3442d44.cec: 00007ff715294000-00007ffb067affff 0x0001/0x0000 0x0000000
3452d44.cec: *00007ffb067b0000-00007ffb067b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3462d44.cec: 00007ffb067b1000-00007ffb068c2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3472d44.cec: 00007ffb068c3000-00007ffb06908fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3482d44.cec: 00007ffb06909000-00007ffb06910fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3492d44.cec: 00007ffb06911000-00007ffb0691efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3502d44.cec: 00007ffb0691f000-00007ffb0691ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3512d44.cec: 00007ffb06920000-00007ffb06922fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3522d44.cec: 00007ffb06923000-00007ffb0698ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3532d44.cec: 00007ffb06990000-00007ffffffdffff 0x0001/0x0000 0x0000000
3542d44.cec: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
3552d44.cec: VBoxHeadless.exe: timestamp 0x5d284665 (rc=VINF_SUCCESS)
3562d44.cec: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
3572d44.cec: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
3582d44.cec: supR3HardNtChildPurify: Done after 538 ms and 0 fixes (loop #0).
35927c8.2a58: Log file opened: 6.0.10r132072 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa03fab00
36027c8.2a58: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb067b0000 g_uNtVerCombined=0xa03fab00
3612d44.cec: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000b00000 LB 0x400000)
3622d44.cec: supR3HardNtEnableThreadCreation:
36327c8.2a58: ntdll.dll: timestamp 0x95231a81 (rc=VINF_SUCCESS)
36427c8.2a58: New simple heap: #1 0000000000f00000 LB 0x400000 (for 1966080 allocation)
36527c8.2a58: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
36627c8.2a58: System32: \Device\HarddiskVolume4\Windows\System32
36727c8.2a58: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
36827c8.2a58: KnownDllPath: C:\WINDOWS\System32
36927c8.2a58: supR3HardenedVmProcessInit: Opening vboxdrv...
37027c8.2a58: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
37127c8.2a58: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
37227c8.2a58: Registered Dll notification callback with NTDLL.
37327c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
37427c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
37527c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
37627c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb032c0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
37727c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
37827c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
37927c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb04f60000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
38027c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
38127c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb04f60000 'C:\WINDOWS\System32\KERNEL32.DLL'
38227c8.2a58: supR3HardenedDllNotificationCallback: load 00007ff715180000 LB 0x00114000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
38327c8.2a58: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
38427c8.2a58: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
38527c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
38627c8.2a58: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb06828e00 pvNtTerminateThread=00007ffb06850b20
3872d44.cec: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 71 ms.
38827c8.2a58: \SystemRoot\System32\ntdll.dll:
38927c8.2a58: CreationTime: 2019-02-19T23:20:37.269069900Z
39027c8.2a58: LastWriteTime: 2019-01-05T08:23:47.864793200Z
39127c8.2a58: ChangeTime: 2019-07-17T01:04:26.663796100Z
39227c8.2a58: FileAttributes: 0x20
39327c8.2a58: Size: 0x1dd0a8
39427c8.2a58: NT Headers: 0xe0
39527c8.2a58: Timestamp: 0x95231a81
39627c8.2a58: Machine: 0x8664 - amd64
39727c8.2a58: Timestamp: 0x95231a81
39827c8.2a58: Image Version: 10.0
39927c8.2a58: SizeOfImage: 0x1e0000 (1966080)
40027c8.2a58: Resource Dir: 0x174000 LB 0x6a288
40127c8.2a58: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
40227c8.2a58: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
40327c8.2a58: ProductName: Microsoft® Windows® Operating System
40427c8.2a58: ProductVersion: 10.0.16299.936
40527c8.2a58: FileVersion: 10.0.16299.936 (WinBuild.160101.0800)
40627c8.2a58: FileDescription: NT Layer DLL
40727c8.2a58: \SystemRoot\System32\kernel32.dll:
40827c8.2a58: CreationTime: 2019-05-21T01:32:56.082859700Z
40927c8.2a58: LastWriteTime: 2019-05-03T07:55:54.749648200Z
41027c8.2a58: ChangeTime: 2019-07-17T01:04:26.619791100Z
41127c8.2a58: FileAttributes: 0x20
41227c8.2a58: Size: 0xab8e0
41327c8.2a58: NT Headers: 0xe8
41427c8.2a58: Timestamp: 0x374da198
41527c8.2a58: Machine: 0x8664 - amd64
41627c8.2a58: Timestamp: 0x374da198
41727c8.2a58: Image Version: 10.0
41827c8.2a58: SizeOfImage: 0xae000 (712704)
41927c8.2a58: Resource Dir: 0xac000 LB 0x520
42027c8.2a58: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
42127c8.2a58: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
42227c8.2a58: ProductName: Microsoft® Windows® Operating System
42327c8.2a58: ProductVersion: 10.0.16299.1146
42427c8.2a58: FileVersion: 10.0.16299.1146 (WinBuild.160101.0800)
42527c8.2a58: FileDescription: Windows NT BASE API Client DLL
42627c8.2a58: \SystemRoot\System32\KernelBase.dll:
42727c8.2a58: CreationTime: 2019-07-17T00:59:33.124557800Z
42827c8.2a58: LastWriteTime: 2019-07-05T03:15:28.590486000Z
42927c8.2a58: ChangeTime: 2019-07-17T21:21:39.756030400Z
43027c8.2a58: FileAttributes: 0x20
43127c8.2a58: Size: 0x265e70
43227c8.2a58: NT Headers: 0xf0
43327c8.2a58: Timestamp: 0x49c1d529
43427c8.2a58: Machine: 0x8664 - amd64
43527c8.2a58: Timestamp: 0x49c1d529
43627c8.2a58: Image Version: 10.0
43727c8.2a58: SizeOfImage: 0x266000 (2514944)
43827c8.2a58: Resource Dir: 0x245000 LB 0x548
43927c8.2a58: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
44027c8.2a58: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
44127c8.2a58: ProductName: Microsoft® Windows® Operating System
44227c8.2a58: ProductVersion: 10.0.16299.1268
44327c8.2a58: FileVersion: 10.0.16299.1268 (WinBuild.160101.0800)
44427c8.2a58: FileDescription: Windows NT BASE API Client DLL
44527c8.2a58: \SystemRoot\System32\apisetschema.dll:
44627c8.2a58: CreationTime: 2018-10-23T21:09:19.305566100Z
44727c8.2a58: LastWriteTime: 2018-07-18T03:26:42.333897700Z
44827c8.2a58: ChangeTime: 2019-07-17T01:04:26.708937400Z
44927c8.2a58: FileAttributes: 0x20
45027c8.2a58: Size: 0x1b3b8
45127c8.2a58: NT Headers: 0xc8
45227c8.2a58: Timestamp: 0x35fd1902
45327c8.2a58: Machine: 0x8664 - amd64
45427c8.2a58: Timestamp: 0x35fd1902
45527c8.2a58: Image Version: 10.0
45627c8.2a58: SizeOfImage: 0x1c000 (114688)
45727c8.2a58: Resource Dir: 0x1b000 LB 0x408
45827c8.2a58: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
45927c8.2a58: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
46027c8.2a58: ProductName: Microsoft® Windows® Operating System
46127c8.2a58: ProductVersion: 10.0.16299.579
46227c8.2a58: FileVersion: 10.0.16299.579 (WinBuild.160101.0800)
46327c8.2a58: FileDescription: ApiSet Schema DLL
46427c8.2a58: NtOpenDirectoryObject failed on \Driver: 0xc0000022
46527c8.2a58: supR3HardenedWinFindAdversaries: 0x8000
46627c8.2a58: \SystemRoot\System32\drivers\cyprotectdrv64.sys:
46727c8.2a58: CreationTime: 2018-10-23T18:38:39.299456700Z
46827c8.2a58: LastWriteTime: 2019-04-22T16:04:18.065802400Z
46927c8.2a58: ChangeTime: 2019-08-15T06:50:36.055842400Z
47027c8.2a58: FileAttributes: 0x20
47127c8.2a58: Size: 0x33bd8
47227c8.2a58: NT Headers: 0xf8
47327c8.2a58: Timestamp: 0x5c896666
47427c8.2a58: Machine: 0x8664 - amd64
47527c8.2a58: Timestamp: 0x5c896666
47627c8.2a58: Image Version: 6.1
47727c8.2a58: SizeOfImage: 0x135000 (1265664)
47827c8.2a58: Resource Dir: 0x133000 LB 0x2f8
47927c8.2a58: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
48027c8.2a58: [Raw version resource data: 0x133060 LB 0x294, codepage 0x0 (reserved 0x0)]
48127c8.2a58: ProductName: CylancePROTECT
48227c8.2a58: ProductVersion: 2.0.1530.4
48327c8.2a58: FileVersion: 2.0.1530.4
48427c8.2a58: FileDescription: Cylance Protect Driver
48527c8.2a58: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
48627c8.2a58: Calling main()
48727c8.2a58: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
48827c8.2a58: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
48927c8.2a58: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
49027c8.2a58: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
49127c8.2a58: SUPR3HardenedMain: Final process, opening VBoxDrv...
49227c8.2a58: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000f00000 LB 0x400000)
49327c8.2a58: supR3HardNtEnableThreadCreation:
49427c8.2a58: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
49527c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
49627c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
49727c8.2a58: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
49827c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffaeb930000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
49927c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
50027c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
50127c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
50227c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaeb930000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
50327c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
50427c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
50527c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaeb930000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
50627c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaeb930000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
50727c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
50827c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
50927c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
51027c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
51127c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
51227c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
51327c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
51427c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
51527c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
51627c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
51727c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
51827c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
51927c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msasn1.dll'.
52027c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
52127c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
52227c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
52327c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
52427c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
52527c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
52627c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
52727c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
52827c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
52927c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
53027c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
53127c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
53227c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
53327c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
53427c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb04ae0000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
53527c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
53627c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb02b00000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
53727c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
53827c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb02bb0000 LB 0x000f4000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
53927c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
54027c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
54127c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb03000000 LB 0x001ce000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
54227c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
54327c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb03fd0000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
54427c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
54527c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb049d0000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
54627c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
54727c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
54827c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
54927c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb04a30000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
55027c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
55127c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
55227c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
55327c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
55427c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
55527c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb02ef0000 LB 0x00059000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
55627c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
55727c8.2a58: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
55827c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
55927c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb032c0000 'api-ms-win-core-synch-l1-2-0'
56027c8.2a58: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
56127c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
56227c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb032c0000 'api-ms-win-core-fibers-l1-1-1'
56327c8.2a58: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
56427c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
56527c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb032c0000 'api-ms-win-core-fibers-l1-1-1'
56627c8.2a58: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
56727c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
56827c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb032c0000 'api-ms-win-core-synch-l1-2-0'
56927c8.2a58: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
57027c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
57127c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb032c0000 'api-ms-win-core-localization-l1-2-1'
57227c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02ef0000 'C:\WINDOWS\system32\Wintrust.dll'
57327c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
57427c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
57527c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
57627c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
57727c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
57827c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
57927c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
58027c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
58127c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
58227c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
58327c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
58427c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
58527c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
58627c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
58727c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
58827c8.2a58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
58927c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb02660000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
59027c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
59127c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02660000 'C:\WINDOWS\system32\bcrypt.dll'
59227c8.2a58: bcrypt.dll loaded at 00007ffb02660000, BCryptOpenAlgorithmProvider at 00007ffb026625a0, preloading providers:
59327c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
59427c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
59527c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
59627c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb02e70000 LB 0x00078000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
59727c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
59827c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02e70000 'C:\WINDOWS\system32\bcryptprimitives.dll'
59927c8.2a58: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000034878c0)
60027c8.2a58: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000348cc90)
60127c8.2a58: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000003490090)
60227c8.2a58: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000003490360)
60327c8.2a58: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000003490630)
60427c8.2a58: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000003490900)
60527c8.2a58: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000003490bd0)
60627c8.2a58: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000003490ea0)
60727c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
60827c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
60927c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02ef0000 'C:\Windows\System32\WINTRUST.DLL'
61027c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
61127c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
61227c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02ef0000 'C:\Windows\System32\WINTRUST.DLL'
61327c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
61427c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
61527c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02ef0000 'C:\Windows\System32\WINTRUST.DLL'
61627c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
61727c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
61827c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02ef0000 'C:\Windows\System32\WINTRUST.DLL'
61927c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
62027c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
62127c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02ef0000 'C:\Windows\System32\WINTRUST.DLL'
62227c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
62327c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
62427c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02ef0000 'C:\Windows\System32\WINTRUST.DLL'
62527c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
62627c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
62727c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02ef0000 'C:\Windows\System32\WINTRUST.DLL'
62827c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
62927c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
63027c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb02550000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
63127c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
63227c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
63327c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
63427c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
63527c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
63627c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
63727c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
63827c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
63927c8.2a58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
64027c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb01f90000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
64127c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
64227c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
64327c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
64427c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
64527c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
64627c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb02570000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
64727c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
64827c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
64927c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
65027c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
65127c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
65227c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
65327c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb04f60000 'C:\WINDOWS\System32\kernel32.dll'
65427c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
65527c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02ef0000 'C:\Windows\System32\WINTRUST.DLL'
65627c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
65727c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
65827c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\CRYPT32.dll'
65927c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb04180000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
66027c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
66127c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
66227c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
66327c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
66427c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
66527c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
66627c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
66727c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
66827c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
66927c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb018e0000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
67027c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
67127c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb02b90000 LB 0x0001b000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
67227c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
67327c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
67427c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
67527c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
67627c8.2a58: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
67727c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
67827c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
67927c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
68027c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
68127c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
68227c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
68327c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
68427c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
68527c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
68627c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
68727c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
68827c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
68927c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
69027c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
69127c8.2a58: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
69227c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffaf0290000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
69327c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
69427c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
69527c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
69627c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf0290000 'C:\WINDOWS\System32\cryptnet.dll'
69727c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
69827c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
69927c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf0290000 'C:\WINDOWS\System32\cryptnet.dll'
70027c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
70127c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
70227c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf0290000 'C:\WINDOWS\System32\cryptnet.dll'
70327c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
70427c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
70527c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf0290000 'C:\WINDOWS\System32\cryptnet.dll'
70627c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
70727c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
70827c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf0290000 'C:\WINDOWS\System32\cryptnet.dll'
70927c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
71027c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
71127c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf0290000 'C:\WINDOWS\System32\cryptnet.dll'
71227c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
71327c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf0290000 'C:\WINDOWS\System32\cryptnet.dll'
71427c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
71527c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf0290000 'C:\WINDOWS\System32\cryptnet.dll'
71627c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
71727c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf0290000 'C:\WINDOWS\System32\cryptnet.dll'
71827c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
71927c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf0290000 'C:\WINDOWS\System32\cryptnet.dll'
72027c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
72127c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf0290000 'C:\WINDOWS\System32\cryptnet.dll'
72227c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf0290000 'C:\WINDOWS\System32\cryptnet.dll'
72327c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
72427c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf0290000 'C:\Windows\System32\cryptnet.dll'
72527c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
72627c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
72727c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
72827c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
72927c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
73027c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
73127c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
73227c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000003493d70
73327c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003493d70
73427c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6AC432454C2FADF7F2F1648CAF5BCCCC2240CA3B
73527c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
73627c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
73727c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03fd0000 'C:\WINDOWS\System32\rpcrt4.dll'
73827c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
73927c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02ef0000 'C:\Windows\System32\WINTRUST.DLL'
74027c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
74127c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02ef0000 'C:\Windows\System32\WINTRUST.DLL'
74227c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
74327c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02ef0000 'C:\Windows\System32\WINTRUST.DLL'
74427c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
74527c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02ef0000 'C:\Windows\System32\WINTRUST.DLL'
74627c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
74727c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02ef0000 'C:\Windows\System32\WINTRUST.DLL'
74827c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
74927c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02ef0000 'C:\Windows\System32\WINTRUST.DLL'
75027c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
75127c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
75227c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02ef0000 'C:\Windows\System32\WINTRUST.DLL'
75327c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
75427c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
75527c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
75627c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
75727c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
75827c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
75927c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_840_for_KB4499179~31bf3856ad364e35~amd64~~10.0.1.6.cat'; file='\SystemRoot\System32\ntdll.dll'
76027c8.2a58: g_pfnWinVerifyTrust=00007ffb02ef6bc0
76127c8.2a58: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
76227c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
76327c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
76427c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
76527c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
76627c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
76727c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
76827c8.2a58: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
76927c8.2a58: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
77027c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
77127c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
77227c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
77327c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
77427c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
77527c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
77627c8.2a58: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
77727c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000398 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
77827c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003493d70
77927c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003493d70
78027c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A0BC1B38B9F5EE15493A1BB6ABB29D2FFBB4119
78127c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
78227c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
78327c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
78427c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
78527c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
78627c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
78727c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
78827c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
78927c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
79027c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
79127c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
79227c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
79327c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
79427c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
79527c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
79627c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
79727c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
79827c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
79927c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
80027c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
80127c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
80227c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
80327c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
80427c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
80527c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
80627c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
80727c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
80827c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
80927c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
81027c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
81127c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
81227c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
81327c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
81427c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
81527c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
81627c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
81727c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
81827c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
81927c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
82027c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
82127c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
82227c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
82327c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
82427c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
82527c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
82627c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
82727c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
82827c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
82927c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
83027c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
83127c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
83227c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
83327c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
83427c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
83527c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
83627c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
83727c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
83827c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
83927c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
84027c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
84127c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
84227c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe'
84327c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
84427c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
84527c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
84627c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
84727c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
84827c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
84927c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\system32\crypt32.dll'
85027c8.2a58: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: DC=com, DC=F5Net, CN=F5 Internal Issuing CA
85127c8.2a58: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: DC=local, DC=itlab, CN=F5 ITLAB Issuing CA
85227c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
85327c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
85427c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
85527c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
85627c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
85727c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
85827c8.2a58: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: DC=dmz, DC=f5net, CN=F5 F5NET-DMZ Issuing CA
85927c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
86027c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x2982d48ca12fb900 CN=F5 Root CA
86127c8.2a58: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: DC=com, DC=F5Net, CN=F5 F5NET Issuing CA
86227c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xb487e27ab702b200 CN=F5 Root CA V3
86327c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
86427c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
86527c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
86627c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
86727c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
86827c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
86927c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
87027c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
87127c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
87227c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
87327c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
87427c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
87527c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
87627c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
87727c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
87827c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
87927c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
88027c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
88127c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
88227c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
88327c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
88427c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
88527c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
88627c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
88727c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
88827c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
88927c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
89027c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
89127c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
89227c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
89327c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
89427c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
89527c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
89627c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
89727c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
89827c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x665f55ebd06ce27b C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1
89927c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
90027c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
90127c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
90227c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
90327c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x73799cbfb432199c C=US, ST=Washington, L=Seattle, O=F5 Networks, OU=IT Department, CN=F5 Networks Internal V2, Email=luckydevils@f5.com
90427c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x73799cbfb432199c C=US, ST=Washington, L=Seattle, O=F5 Networks, OU=IT Department, CN=F5 Networks Internal, Email=luckydevils@f5.com
90527c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x2982d48ca12fb900 CN=F5 Root CA
90627c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0x2982d48ca12fb900 CN=F5 Root CA
90727c8.2a58: supR3HardenedWinIsDesiredRootCA: Adding 0xb487e27ab702b200 CN=F5 Root CA V3
90827c8.2a58: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=54
90927c8.2a58: SUPR3HardenedMain: Load Runtime...
91027c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
91127c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
91227c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
91327c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
91427c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
91527c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
91627c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
91727c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
91827c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
91927c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
92027c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
92127c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
92227c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
92327c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
92427c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
92527c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
92627c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
92727c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
92827c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
92927c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
93027c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
93127c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
93227c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
93327c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
93427c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
93527c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
93627c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
93727c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
93827c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
93927c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
94027c8.2a58: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
94127c8.2a58: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
94227c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
94327c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
94427c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
94527c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
94627c8.2a58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
94727c8.2a58: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
94827c8.2a58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
94927c8.2a58: supR3HardenedDllNotificationCallback: load 0000000066320000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
95027c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
95127c8.2a58: supR3HardenedDllNotificationCallback: load 0000000065d10000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
95227c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
95327c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb044b0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
95427c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
95527c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffac4f20000 LB 0x005e0000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
95627c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
95727c8.2a58: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
95827c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
95927c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
96027c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
96127c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
96227c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
96327c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
96427c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
96527c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
96627c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
96727c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
96827c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
96927c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
97027c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97127c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
97227c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
97327c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97427c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
97527c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
97627c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97727c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97827c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
97927c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98027c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98127c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98227c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98327c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98427c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
98527c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
98627c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98727c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98827c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
98927c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99027c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99127c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99227c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99327c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99427c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99527c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99627c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99727c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99827c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
99927c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
100027c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
100127c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
100227c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
100327c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
100427c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
100527c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
100627c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
100727c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4f20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
100827c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02ef0000 'C:\WINDOWS\system32\Wintrust.dll'
100927c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
101027c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
101127c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
101227c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
101327c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
101427c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
101527c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\system32\crypt32.dll'
101627c8.2a58: SUPR3HardenedMain: Load TrustedMain...
101727c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
101827c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
101927c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
102027c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
102127c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
102227c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
102327c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
102427c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
102527c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll) WinVerifyTrust
102627c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
102727c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
102827c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
102927c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
103027c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
103127c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
103227c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
103327c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll) WinVerifyTrust
103427c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
103527c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
103627c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
103727c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
103827c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
103927c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
104027c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
104127c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
104227c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
104327c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
104427c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
104527c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
104627c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
104727c8.2a58: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
104827c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
104927c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
105027c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
105127c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
105227c8.2a58: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
105327c8.2a58: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
105427c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
105527c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
105627c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
105727c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
105827c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
105927c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
106027c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
106127c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
106227c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
106327c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
106427c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
106527c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
106627c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
106727c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
106827c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
106927c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
107027c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
107127c8.2a58: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
107227c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
107327c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
107427c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
107527c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
107627c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
107727c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
107827c8.2a58: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
107927c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
108027c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
108127c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
108227c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
108327c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
108427c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
108527c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
108627c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
108727c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
108827c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
108927c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'gdi32.dll'.
109027c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'user32.dll'.
109127c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'combase.dll'.
109227c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
109327c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
109427c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
109527c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
109627c8.2a58: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
109727c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
109827c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
109927c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
110027c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
110127c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
110227c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
110327c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
110427c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
110527c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
110627c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
110727c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
110827c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
110927c8.2a58: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
111027c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
111127c8.2a58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
111227c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb041a0000 LB 0x00306000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
111327c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
111427c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb031d0000 LB 0x0009b000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
111527c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
111627c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb02e50000 LB 0x00020000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
111727c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
111827c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb04dd0000 LB 0x0018f000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
111927c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
112027c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb02cb0000 LB 0x00193000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
112127c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
112227c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
112327c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
112427c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
112527c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
112627c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
112727c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb04d00000 LB 0x00028000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
112827c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
112927c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb03e10000 LB 0x00149000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
113027c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
113127c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb05010000 LB 0x000c4000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
113227c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
113327c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffacdd60000 LB 0x00052000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll [fFlags=0x0]
113427c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
113527c8.2a58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
113627c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
113727c8.2a58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
113827c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
113927c8.2a58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
114027c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
114127c8.2a58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
114227c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
114327c8.2a58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
114427c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
114527c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
114627c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
114727c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
114827c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
114927c8.2a58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
115027c8.2a58: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
115127c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
115227c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
115327c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
115427c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
115527c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
115627c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
115727c8.2a58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
115827c8.2a58: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
115927c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
116027c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
116127c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
116227c8.2a58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
116327c8.2a58: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
116427c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
116527c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb04f60000 'C:\WINDOWS\System32\kernel32.dll'
116627c8.2a58: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
116727c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
116827c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb032c0000 'api-ms-win-core-string-l1-1-0'
116927c8.2a58: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
117027c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
117127c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb032c0000 'api-ms-win-core-datetime-l1-1-1'
117227c8.2a58: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
117327c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
117427c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb032c0000 'api-ms-win-core-localization-obsolete-l1-2-0'
117527c8.2a58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
117627c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
117727c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
117827c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
117927c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
118027c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
118127c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
118227c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
118327c8.2a58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
118427c8.2a58: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
118527c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
118627c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
118727c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
118827c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
118927c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb04150000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
119027c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
119127c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb04150000 'C:\WINDOWS\system32\IMM32.DLL'
119227c8.2a58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
119327c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
119427c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacdd60000 'C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll'
119527c8.2a58: SUPR3HardenedMain: Calling TrustedMain (00007ffacdd62d70)...
119627c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb02b20000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
119727c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
119827c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
119927c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
120027c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
120127c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb04d30000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
120227c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
120327c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
120427c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
120527c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
120627c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
120727c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
120827c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
120927c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
121027c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
121127c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
121227c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
121327c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
121427c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
121527c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
121627c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
121727c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
121827c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
121927c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
122027c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
122127c8.2a58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'
122227c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
122327c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
122427c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
122527c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
122627c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
122727c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
122827c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
122927c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
123027c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
123127c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
123227c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
123327c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
123427c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
123527c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
123627c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
123727c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
123827c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
123927c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
124027c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
124127c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
124227c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
124327c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
124427c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
124527c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
124627c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
124727c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
124827c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
124927c8.2a58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
125027c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffac4b70000 LB 0x003a4000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
125127c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
125227c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4b70000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
125327c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
125427c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
125527c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
125627c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
125727c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
125827c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
125927c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
126027c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
126127c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
126227c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
126327c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
126427c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
126527c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
126627c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
126727c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
126827c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
126927c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
127027c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
127127c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
127227c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
127327c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
127427c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
127527c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
127627c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'.
127727c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'.
127827c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll) WinVerifyTrust
127927c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
128027c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
128127c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
128227c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
128327c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
128427c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
128527c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
128627c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
128727c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
128827c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
128927c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
129027c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
129127c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
129227c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
129327c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
129427c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
129527c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
129627c8.2a58: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
129727c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
129827c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
129927c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
130027c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
130127c8.2a58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
130227c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffb03f60000 LB 0x00051000 C:\WINDOWS\System32\SHLWAPI.dll [fFlags=0x0]
130327c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
130427c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffac9c80000 LB 0x000d5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
130527c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
130627c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9c80000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
130727c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
130827c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
130927c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb05010000 'C:\Windows\System32\oleaut32.dll'
131027c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
131127c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
131227c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03e10000 'C:\WINDOWS\System32\ole32.dll'
131327c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
131427c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
131527c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb05010000 'C:\WINDOWS\System32\OLEAUT32.dll'
131627c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000768 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
131727c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003493d70
131827c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003493d70
131927c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AE2733DC030E44DCE443886E467FF179D2D68A91
132027c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
132127c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
132227c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_831_for_KB4503284~31bf3856ad364e35~amd64~~10.0.1.4.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
132327c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
132427c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
132527c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
132627c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
132727c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
132827c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
132927c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
133027c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
133127c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000774 pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
133227c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003493d70
133327c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003493d70
133427c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA3F9D85214DB0270185C719B931C69440BA9C18
133527c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
133627c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
133727c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
133827c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
133927c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
134027c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
134127c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
134227c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
134327c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
134427c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
134527c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
134627c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
134727c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
134827c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
134927c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
135027c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
135127c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
135227c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
135327c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
135427c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
135527c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
135627c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
135727c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
135827c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
135927c8.2a58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
136027c8.2a58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
136127c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffafa8e0000 LB 0x00081000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
136227c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
136327c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffafac40000 LB 0x0000f000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
136427c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
136527c8.2a58: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
136627c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
136727c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb032c0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
136827c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafac40000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
136927c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007e4 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
137027c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003493d70
137127c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003493d70
137227c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E3E3EC800057E0E9FAFD03419437E41507961923
137327c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
137427c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
137527c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_831_for_KB4503284~31bf3856ad364e35~amd64~~10.0.1.4.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
137627c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
137727c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
137827c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
137927c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
138027c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
138127c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
138227c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
138327c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
138427c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
138527c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
138627c8.2a58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
138727c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffaf6aa0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
138827c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
138927c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf6aa0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
139027c8.2a58: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
139127c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
139227c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb032c0000 'api-ms-win-core-localization-l1-2-0.dll'
139327c8.2a58: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
139427c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
139527c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb032c0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
139627c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007fc pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
139727c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003493d70
139827c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003493d70
139927c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=336CDD3C969CEFC6CE8D502298ED123FE8D2F483
140027c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
140127c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
140227c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
140327c8.2a58: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
140427c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
140527c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'.
140627c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
140727c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
140827c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
140927c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
141027c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
141127c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
141227c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
141327c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
141427c8.2a58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
141527c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffaf6ac0000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
141627c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
141727c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf6ac0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
141827c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
141927c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
142027c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
142127c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
142227c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
142327c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
142427c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
142527c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
142627c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
142727c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
142827c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
142927c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
143027c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
143127c8.2a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
143227c8.2a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
143327c8.2a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
143427c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
143527c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
143627c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
143727c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
143827c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
143927c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
144027c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
144127c8.2a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
144227c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
144327c8.2a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
144427c8.2a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
144527c8.2a58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
144627c8.2a58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
144727c8.2a58: supR3HardenedDllNotificationCallback: load 0000000065690000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
144827c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
144927c8.2a58: supR3HardenedDllNotificationCallback: load 00007ffac4830000 LB 0x00331000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
145027c8.2a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
145127c8.2a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4830000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
145227c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
145327c8.2c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
145427c8.2c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
145527c8.2c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
145627c8.2c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
145727c8.2c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
145827c8.2c1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
145927c8.2c1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
146027c8.2c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
146127c8.2c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
146227c8.2c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
146327c8.2c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
146427c8.2c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
146527c8.2c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
146627c8.2c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
146727c8.2c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
146827c8.2c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
146927c8.2c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
147027c8.2c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
147127c8.2c1c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
147227c8.2c1c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
147327c8.2c1c: supR3HardenedDllNotificationCallback: load 00007ffaeb920000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
147427c8.2c1c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
147527c8.2c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaeb920000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
147627c8.2c1c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
147727c8.2c1c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\User32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
147827c8.2c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb04dd0000 'C:\WINDOWS\system32\User32.dll'
147927c8.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008bc pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
148027c8.16b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003493d70
148127c8.16b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003493d70
148227c8.1398: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
148327c8.16b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=86C241B10A6558ACD09DD7A5B8E6E2277C8E4613
148427c8.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
148527c8.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
148627c8.16b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_821_for_KB4499179~31bf3856ad364e35~amd64~~10.0.1.6.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
148727c8.16b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
148827c8.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
148927c8.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
149027c8.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
149127c8.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
149227c8.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
149327c8.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
149427c8.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
149527c8.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
149627c8.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
149727c8.1398: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
149827c8.1398: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
149927c8.1398: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
150027c8.1398: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
150127c8.1398: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
150227c8.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
150327c8.1398: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
150427c8.16b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
150527c8.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
150627c8.1398: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
150727c8.1398: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
150827c8.16b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
150927c8.16b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
151027c8.1398: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
151127c8.1398: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
151227c8.1398: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
151327c8.1398: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
151427c8.1398: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
151527c8.16b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
151627c8.1398: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
151727c8.16b8: supR3HardenedDllNotificationCallback: load 00007ffb012b0000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
151827c8.16b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
151927c8.16b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb012b0000 'C:\WINDOWS\system32\uxtheme.dll'
152027c8.1398: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
152127c8.1398: supR3HardenedDllNotificationCallback: load 00007ffaeb910000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
152227c8.1398: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
152327c8.1398: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaeb910000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
152427c8.16b8: supR3HardenedDllNotificationCallback: load 00007ffb04b80000 LB 0x00167000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
152527c8.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
152627c8.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
152727c8.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
152827c8.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
152927c8.16b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
153027c8.16b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
153127c8.16b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
153227c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
153327c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
153427c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust]
153527c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
153627c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
153727c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
153827c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
153927c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
154027c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
154127c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
154227c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
154327c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
154427c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
154527c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
154627c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
154727c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
154827c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'.
154927c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'.
155027c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll) WinVerifyTrust
155127c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
155227c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
155327c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
155427c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
155527c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
155627c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
155727c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
155827c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
155927c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
156027c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffb03270000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
156127c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
156227c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
156327c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffb050e0000 LB 0x000a6000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
156427c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
156527c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
156627c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
156727c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
156827c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
156927c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffb02b40000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
157027c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
157127c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
157227c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
157327c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffb03530000 LB 0x00747000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
157427c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
157527c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
157627c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'combase.dll'.
157727c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'profapi.dll'.
157827c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
157927c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
158027c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffb05340000 LB 0x01439000 C:\WINDOWS\System32\Shell32.dll [fFlags=0x0]
158127c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
158227c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb05340000 'C:\WINDOWS\system32\Shell32.dll'
158327c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
158427c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
158527c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
158627c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
158727c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
158827c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
158927c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
159027c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
159127c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
159227c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
159327c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
159427c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
159527c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
159627c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
159727c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
159827c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
159927c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
160027c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
160127c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
160227c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
160327c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
160427c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
160527c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
160627c8.2c70: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'
160727c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
160827c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
160927c8.2c70: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'
161027c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
161127c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
161227c8.2c70: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
161327c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
161427c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
161527c8.2c70: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
161627c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
161727c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
161827c8.2c70: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
161927c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
162027c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
162127c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
162227c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
162327c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
162427c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
162527c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
162627c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
162727c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
162827c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
162927c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
163027c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
163127c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
163227c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
163327c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
163427c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
163527c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
163627c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
163727c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
163827c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
163927c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
164027c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
164127c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
164227c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
164327c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
164427c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
164527c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
164627c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
164727c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
164827c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
164927c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
165027c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
165127c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'.
165227c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
165327c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
165427c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
165527c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
165627c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
165727c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
165827c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
165927c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
166027c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
166127c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
166227c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
166327c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
166427c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
166527c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
166627c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
166727c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
166827c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
166927c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
167027c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
167127c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
167227c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
167327c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
167427c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
167527c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
167627c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
167727c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
167827c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
167927c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
168027c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
168127c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
168227c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
168327c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
168427c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
168527c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
168627c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
168727c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
168827c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
168927c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
169027c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
169127c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
169227c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
169327c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
169427c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
169527c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
169627c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
169727c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
169827c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
169927c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
170027c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
170127c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
170227c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
170327c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
170427c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
170527c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
170627c8.2c70: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
170727c8.2c70: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
170827c8.2c70: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
170927c8.2c70: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
171027c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffb04520000 LB 0x0044e000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
171127c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
171227c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffacddc0000 LB 0x00064000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
171327c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
171427c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffac9ae0000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
171527c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
171627c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffb02120000 LB 0x00039000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
171727c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
171827c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffab1f80000 LB 0x009d9000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
171927c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
172027c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1f80000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
172127c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
172227c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
172327c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
172427c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4b70000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
172527c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
172627c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
172727c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
172827c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9ae0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
172927c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
173027c8.2b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
173127c8.2b20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
173227c8.2b20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
173327c8.2b20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
173427c8.2b20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
173527c8.2b20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
173627c8.2b20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
173727c8.2b20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
173827c8.2b20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
173927c8.2b20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
174027c8.2b20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
174127c8.2b20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
174227c8.2b20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
174327c8.2b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
174427c8.2b20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
174527c8.2b20: supR3HardenedDllNotificationCallback: load 00007ffae4940000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
174627c8.2b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
174727c8.2b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4940000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
174827c8.6d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
174927c8.6d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
175027c8.6d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
175127c8.6d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
175227c8.6d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
175327c8.6d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
175427c8.6d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
175527c8.6d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
175627c8.6d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
175727c8.6d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
175827c8.6d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
175927c8.6d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
176027c8.6d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
176127c8.6d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
176227c8.6d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
176327c8.6d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
176427c8.6d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
176527c8.6d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
176627c8.6d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
176727c8.6d4: supR3HardenedDllNotificationCallback: load 00007ffae6400000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
176827c8.6d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
176927c8.6d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae6400000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
177027c8.274: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
177127c8.274: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
177227c8.274: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
177327c8.274: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
177427c8.274: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
177527c8.274: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
177627c8.274: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
177727c8.274: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
177827c8.274: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
177927c8.274: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
178027c8.274: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
178127c8.274: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
178227c8.274: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
178327c8.274: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
178427c8.274: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
178527c8.274: supR3HardenedDllNotificationCallback: load 00007ffae4fe0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
178627c8.274: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
178727c8.274: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4fe0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
178827c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
178927c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
179027c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02120000 'C:\WINDOWS\system32\Iphlpapi.dll'
179127c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
179227c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
179327c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll)
179427c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
179527c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffb03fc0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
179627c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
179727c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
179827c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffb003e0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
179927c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
180027c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
180127c8.2c70: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll)
180227c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
180327c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffaffd20000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
180427c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
180527c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
180627c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
180727c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
180827c8.2c70: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll)
180927c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
181027c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffaffad0000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
181127c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
181227c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c4c pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
181327c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003493d70
181427c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003493d70
181527c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0979042666D2FF6A450082A737154F788178270
181627c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
181727c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
181827c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
181927c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
182027c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
182127c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
182227c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
182327c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
182427c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
182527c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
182627c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
182727c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
182827c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
182927c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
183027c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
183127c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
183227c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
183327c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_840_for_KB4499179~31bf3856ad364e35~amd64~~10.0.1.6.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
183427c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
183527c8.2c70: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
183627c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c40 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
183727c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003493d70
183827c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003493d70
183927c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=839F90BCFF138802B805D9F6439239CC98023804
184027c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
184127c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
184227c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_840_for_KB4499179~31bf3856ad364e35~amd64~~10.0.1.6.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
184327c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
184427c8.2c70: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
184527c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
184627c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
184727c8.2c70: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll'
184827c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
184927c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
185027c8.2c70: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'
185127c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
185227c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
185327c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'.
185427c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
185527c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mswsock.dll) WinVerifyTrust
185627c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mswsock.dll
185727c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
185827c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
185927c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
186027c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
186127c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
186227c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
186327c8.2c70: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
186427c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffb02390000 LB 0x00066000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
186527c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
186627c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb02390000 'C:\WINDOWS\system32\mswsock.dll'
186727c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
186827c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
186927c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
187027c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
187127c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'devobj.dll'.
187227c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'propsys.dll'.
187327c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll) WinVerifyTrust
187427c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
187527c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
187627c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
187727c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
187827c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
187927c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
188027c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
188127c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
188227c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\propsys.dll) WinVerifyTrust
188327c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\propsys.dll
188427c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
188527c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
188627c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
188727c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
188827c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
188927c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
189027c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
189127c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
189227c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
189327c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
189427c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
189527c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'cfgmgr32.dll'.
189627c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll) WinVerifyTrust
189727c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
189827c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
189927c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
190027c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
190127c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
190227c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
190327c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
190427c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
190527c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
190627c8.2c70: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
190727c8.2c70: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
190827c8.2c70: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
190927c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffb02910000 LB 0x00027000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
191027c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
191127c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffafeea0000 LB 0x001b1000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
191227c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
191327c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffafc510000 LB 0x0006f000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
191427c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
191527c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafc510000 'C:\WINDOWS\System32\MMDevApi.dll'
191627c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d24 pwszName=\Device\HarddiskVolume4\Windows\System32\dsound.dll
191727c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003493d70
191827c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003493d70
191927c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=149E0A5A40CD1471B9EF3D3043A8C754805FEC76
192027c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
192127c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
192227c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\dsound.dll'
192327c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
192427c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
192527c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
192627c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dsound.dll) WinVerifyTrust
192727c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dsound.dll
192827c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
192927c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
193027c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
193127c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
193227c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
193327c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
193427c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
193527c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
193627c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
193727c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
193827c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
193927c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
194027c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
194127c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
194227c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
194327c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
194427c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
194527c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll) WinVerifyTrust
194627c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
194727c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
194827c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
194927c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
195027c8.2c70: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
195127c8.2c70: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
195227c8.2c70: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
195327c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffb00ef0000 LB 0x0002a000 C:\WINDOWS\System32\WINMMBASE.dll [fFlags=0x0]
195427c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
195527c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffb00f50000 LB 0x00023000 C:\WINDOWS\System32\WINMM.dll [fFlags=0x0]
195627c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
195727c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffac3910000 LB 0x0008f000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
195827c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
195927c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
196027c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
196127c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac3910000 'C:\WINDOWS\System32\dsound.dll'
196227c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac3910000 'C:\WINDOWS\System32\dsound.dll'
196327c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
196427c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
196527c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac3910000 'C:\WINDOWS\system32\dsound.dll'
196627c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
196727c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
196827c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafc510000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
196927c8.21a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
197027c8.21a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
197127c8.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
197227c8.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
197327c8.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
197427c8.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'mmdevapi.dll'.
197527c8.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'avrt.dll'.
197627c8.21a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll) WinVerifyTrust
197727c8.21a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
197827c8.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
197927c8.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
198027c8.21a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
198127c8.21a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
198227c8.21a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll) WinVerifyTrust
198327c8.21a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll
198427c8.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
198527c8.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
198627c8.21a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
198727c8.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
198827c8.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
198927c8.21a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
199027c8.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
199127c8.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
199227c8.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
199327c8.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
199427c8.21a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
199527c8.21a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
199627c8.21a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
199727c8.21a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
199827c8.21a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
199927c8.21a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'
200027c8.21a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
200127c8.21a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
200227c8.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
200327c8.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
200427c8.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcryptprimitives.dll'.
200527c8.21a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll)
200627c8.21a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll
200727c8.21a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
200827c8.21a0: supR3HardenedDllNotificationCallback: load 00007ffaff990000 LB 0x00136000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
200927c8.21a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
201027c8.21a0: supR3HardenedDllNotificationCallback: load 00007ffafd510000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
201127c8.21a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
201227c8.21a0: supR3HardenedDllNotificationCallback: load 00007ffaeecd0000 LB 0x00122000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
201327c8.21a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
201427c8.21a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaeecd0000 'C:\WINDOWS\System32\AUDIOSES.DLL'
201527c8.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
201627c8.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
201727c8.21a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
201827c8.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
201927c8.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
202027c8.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
202127c8.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
202227c8.21a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
202327c8.21a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
202427c8.21a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
202527c8.21a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WinTypes.dll'
202627c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
202727c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
202827c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00f50000 'C:\WINDOWS\System32\winmm.dll'
202927c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d78 pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv
203027c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003493d70
203127c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003493d70
203227c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=47392EB8EC6AC07C788B971D8BB592B6FD619920
203327c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
203427c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
203527c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv'
203627c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
203727c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
203827c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
203927c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
204027c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
204127c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv) WinVerifyTrust
204227c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
204327c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
204427c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
204527c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
204627c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
204727c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
204827c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
204927c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
205027c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
205127c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll) WinVerifyTrust
205227c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll
205327c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
205427c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
205527c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
205627c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
205727c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
205827c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
205927c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
206027c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
206127c8.2c70: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
206227c8.2c70: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
206327c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffadde00000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
206427c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
206527c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffaba6e0000 LB 0x00042000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
206627c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
206727c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaba6e0000 'C:\WINDOWS\System32\wdmaud.drv'
206827c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
206927c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
207027c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaba6e0000 'C:\WINDOWS\System32\wdmaud.drv'
207127c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
207227c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
207327c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaba6e0000 'C:\WINDOWS\System32\wdmaud.drv'
207427c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
207527c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
207627c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaba6e0000 'C:\WINDOWS\System32\wdmaud.drv'
207727c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
207827c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
207927c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaba6e0000 'C:\WINDOWS\System32\wdmaud.drv'
208027c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
208127c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
208227c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaba6e0000 'C:\WINDOWS\System32\wdmaud.drv'
208327c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
208427c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
208527c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaba6e0000 'C:\WINDOWS\System32\wdmaud.drv'
208627c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaba6e0000 'C:\WINDOWS\System32\wdmaud.drv'
208727c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e2c pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv
208827c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003493d70
208927c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003493d70
209027c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8069FA07F8A743E03BD7E2DA392DE4429701D8E6
209127c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
209227c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
209327c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv'
209427c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
209527c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
209627c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
209727c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
209827c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
209927c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv) WinVerifyTrust
210027c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv
210127c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
210227c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
210327c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
210427c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
210527c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
210627c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
210727c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
210827c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
210927c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll) WinVerifyTrust
211027c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll
211127c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
211227c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
211327c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
211427c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
211527c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
211627c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
211727c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
211827c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
211927c8.2c70: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
212027c8.2c70: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
212127c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffabd260000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
212227c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
212327c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffb00fb0000 LB 0x0000c000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
212427c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
212527c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00fb0000 'C:\WINDOWS\System32\msacm32.drv'
212627c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
212727c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
212827c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00fb0000 'C:\WINDOWS\System32\msacm32.drv'
212927c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
213027c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
213127c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00fb0000 'C:\WINDOWS\System32\msacm32.drv'
213227c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
213327c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
213427c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00fb0000 'C:\WINDOWS\System32\msacm32.drv'
213527c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
213627c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
213727c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00fb0000 'C:\WINDOWS\System32\msacm32.drv'
213827c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
213927c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
214027c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00fb0000 'C:\WINDOWS\System32\msacm32.drv'
214127c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
214227c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
214327c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00fb0000 'C:\WINDOWS\System32\msacm32.drv'
214427c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00fb0000 'C:\WINDOWS\System32\msacm32.drv'
214527c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00fb0000 'C:\WINDOWS\System32\msacm32.drv'
214627c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00fb0000 'C:\WINDOWS\System32\msacm32.drv'
214727c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d50 pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll
214827c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003493d70
214927c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003493d70
215027c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=725292B88FCE45C617EE0258A333B14CA2D7EF04
215127c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01f90000 'C:\WINDOWS\system32\rsaenh.dll'
215227c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb03000000 'C:\WINDOWS\System32\crypt32.dll'
215327c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll'
215427c8.2c70: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
215527c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
215627c8.2c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
215727c8.2c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll) WinVerifyTrust
215827c8.2c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll
215927c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
216027c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
216127c8.2c70: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
216227c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
216327c8.2c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
216427c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
216527c8.2c70: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
216627c8.2c70: supR3HardenedDllNotificationCallback: load 00007ffad9ca0000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
216727c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
216827c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad9ca0000 'C:\WINDOWS\System32\midimap.dll'
216927c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
217027c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
217127c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad9ca0000 'C:\WINDOWS\System32\midimap.dll'
217227c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
217327c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
217427c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad9ca0000 'C:\WINDOWS\System32\midimap.dll'
217527c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
217627c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
217727c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad9ca0000 'C:\WINDOWS\System32\midimap.dll'
217827c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
217927c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
218027c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00f50000 'C:\WINDOWS\System32\winmm.dll'
218127c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
218227c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
218327c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00f50000 'C:\WINDOWS\System32\winmm.dll'
218427c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
218527c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
218627c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00f50000 'C:\WINDOWS\System32\winmm.dll'
218727c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
218827c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
218927c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00f50000 'C:\WINDOWS\System32\winmm.dll'
219027c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00f50000 'C:\WINDOWS\System32\winmm.dll'
219127c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00f50000 'C:\WINDOWS\System32\winmm.dll'
219227c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00f50000 'C:\WINDOWS\System32\winmm.dll'
219327c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00f50000 'C:\WINDOWS\System32\winmm.dll'
219427c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00f50000 'C:\WINDOWS\System32\winmm.dll'
219527c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00f50000 'C:\WINDOWS\System32\winmm.dll'
219627c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00f50000 'C:\WINDOWS\System32\winmm.dll'
219727c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
219827c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
219927c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac3910000 'C:\WINDOWS\system32\dsound.dll'
220027c8.2c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
220127c8.2c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
220227c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00f50000 'C:\WINDOWS\System32\winmm.dll'
220327c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00f50000 'C:\WINDOWS\System32\winmm.dll'
220427c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00f50000 'C:\WINDOWS\System32\winmm.dll'
220527c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00f50000 'C:\WINDOWS\System32\winmm.dll'
220627c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00f50000 'C:\WINDOWS\System32\winmm.dll'
220727c8.2c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb00f50000 'C:\WINDOWS\System32\winmm.dll'
220827c8.233c: '\Device\HarddiskVolume4\Windows\System32\tzres.dll' has no imports
220927c8.233c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\tzres.dll)
221027c8.233c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\tzres.dll
221127c8.233c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000df0 (hFile=0000000000000de8) with 0xc0000022 -> STATUS_TRUST_FAILURE
221227c8.233c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
221327c8.233c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000de8 (hFile=0000000000000df0) with 0xc0000022 -> STATUS_TRUST_FAILURE
221427c8.274: supR3HardenedDllNotificationCallback: Unload 00007ffae4fe0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
221527c8.6d4: supR3HardenedDllNotificationCallback: Unload 00007ffae6400000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
221627c8.2b20: supR3HardenedDllNotificationCallback: Unload 00007ffae4940000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
221727c8.1398: supR3HardenedDllNotificationCallback: Unload 00007ffaeb910000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
221827c8.2c1c: supR3HardenedDllNotificationCallback: Unload 00007ffaeb920000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
221927c8.2c70: supR3HardenedDllNotificationCallback: Unload 00007ffab1f80000 LB 0x009d9000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
222027c8.2c70: supR3HardenedDllNotificationCallback: Unload 00007ffacddc0000 LB 0x00064000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
222127c8.2c70: supR3HardenedDllNotificationCallback: Unload 00007ffac9ae0000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
222227c8.2c70: supR3HardenedDllNotificationCallback: Unload 00007ffb04520000 LB 0x0044e000 C:\WINDOWS\System32\SETUPAPI.dll [flags=0x0]
222327c8.2a58: supR3HardenedDllNotificationCallback: Unload 00007ffaf6aa0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
222427c8.2a58: supR3HardenedDllNotificationCallback: Unload 00007ffaf6ac0000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
222527c8.2a58: supR3HardenedDllNotificationCallback: Unload 00007ffac9c80000 LB 0x000d5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
222627c8.2a58: supR3HardenedDllNotificationCallback: Unload 00007ffafac40000 LB 0x0000f000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
222727c8.2a58: supR3HardenedDllNotificationCallback: Unload 00007ffafa8e0000 LB 0x00081000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
222827c8.2a58: supR3HardenedDllNotificationCallback: Unload 00007ffac4b70000 LB 0x003a4000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
222927c8.2a58: Terminating the normal way: rcExit=0
22302d44.cec: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 18977 ms, the end);
22312908.3334: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 19618 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy