Ticket #14694: VBoxHardening.log

1e00.2090: Log file opened: 5.0.8r103449 g_hStartupLog=0000000000000058 g_uNtVerCombined=0xa0280000
1e00.2090: \SystemRoot\System32\ntdll.dll:
1e00.2090:     CreationTime:    2015-08-20T23:20:59.070821600Z
1e00.2090:     LastWriteTime:   2015-08-08T07:29:58.168349600Z
1e00.2090:     ChangeTime:      2015-08-21T10:30:50.420447700Z
1e00.2090:     FileAttributes:  0x20
1e00.2090:     Size:            0x1bce48
1e00.2090:     NT Headers:      0xd8
1e00.2090:     Timestamp:       0x55c59f92
1e00.2090:     Machine:         0x8664 - amd64
1e00.2090:     Timestamp:       0x55c59f92
1e00.2090:     Image Version:   10.0
1e00.2090:     SizeOfImage:     0x1c1000 (1839104)
1e00.2090:     Resource Dir:    0x15a000 LB 0x65718
1e00.2090:     ProductName:     Microsoft® Windows® Operating System
1e00.2090:     ProductVersion:  10.0.10240.16430
1e00.2090:     FileVersion:     10.0.10240.16430 (th1.150807-2049)
1e00.2090:     FileDescription: NT Layer DLL
1e00.2090: \SystemRoot\System32\kernel32.dll:
1e00.2090:     CreationTime:    2015-07-10T10:59:59.699781600Z
1e00.2090:     LastWriteTime:   2015-07-10T10:59:59.699781600Z
1e00.2090:     ChangeTime:      2015-10-13T23:39:05.537198800Z
1e00.2090:     FileAttributes:  0x20
1e00.2090:     Size:            0xab830
1e00.2090:     NT Headers:      0xf0
1e00.2090:     Timestamp:       0x559f38ad
1e00.2090:     Machine:         0x8664 - amd64
1e00.2090:     Timestamp:       0x559f38ad
1e00.2090:     Image Version:   10.0
1e00.2090:     SizeOfImage:     0xad000 (708608)
1e00.2090:     Resource Dir:    0xab000 LB 0x518
1e00.2090:     ProductName:     Microsoft® Windows® Operating System
1e00.2090:     ProductVersion:  10.0.10240.16384
1e00.2090:     FileVersion:     10.0.10240.16384 (th1.150709-1700)
1e00.2090:     FileDescription: Windows NT BASE API Client DLL
1e00.2090: \SystemRoot\System32\KernelBase.dll:
1e00.2090:     CreationTime:    2015-07-10T11:00:10.325689700Z
1e00.2090:     LastWriteTime:   2015-07-10T11:00:10.325689700Z
1e00.2090:     ChangeTime:      2015-10-13T23:39:05.865323100Z
1e00.2090:     FileAttributes:  0x20
1e00.2090:     Size:            0x1dc680
1e00.2090:     NT Headers:      0x100
1e00.2090:     Timestamp:       0x559f38c3
1e00.2090:     Machine:         0x8664 - amd64
1e00.2090:     Timestamp:       0x559f38c3
1e00.2090:     Image Version:   10.0
1e00.2090:     SizeOfImage:     0x1dd000 (1953792)
1e00.2090:     Resource Dir:    0x1c7000 LB 0x530
1e00.2090:     ProductName:     Microsoft® Windows® Operating System
1e00.2090:     ProductVersion:  10.0.10240.16384
1e00.2090:     FileVersion:     10.0.10240.16384 (th1.150709-1700)
1e00.2090:     FileDescription: Windows NT BASE API Client DLL
1e00.2090: \SystemRoot\System32\apisetschema.dll:
1e00.2090:     CreationTime:    2015-07-10T11:00:04.872098600Z
1e00.2090:     LastWriteTime:   2015-07-10T11:00:04.872098600Z
1e00.2090:     ChangeTime:      2015-08-21T03:35:07.893781700Z
1e00.2090:     FileAttributes:  0x20
1e00.2090:     Size:            0x16760
1e00.2090:     NT Headers:      0xc8
1e00.2090:     Timestamp:       0x559f3e3d
1e00.2090:     Machine:         0x8664 - amd64
1e00.2090:     Timestamp:       0x559f3e3d
1e00.2090:     Image Version:   10.0
1e00.2090:     SizeOfImage:     0x17000 (94208)
1e00.2090:     Resource Dir:    0x16000 LB 0x3f0
1e00.2090:     ProductName:     Microsoft® Windows® Operating System
1e00.2090:     ProductVersion:  10.0.10240.16384
1e00.2090:     FileVersion:     10.0.10240.16384 (th1.150709-1700)
1e00.2090:     FileDescription: ApiSet Schema DLL
1e00.2090: NtOpenDirectoryObject failed on \Driver: 0xc0000022
1e00.2090: supR3HardenedWinFindAdversaries: 0x0
1e00.2090: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1e00.2090: Calling main()
1e00.2090: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1e00.2090: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1e00.2090: SUPR3HardenedMain: Respawn #1
1e00.2090: System32:  \Device\HarddiskVolume4\Windows\System32
1e00.2090: WinSxS:    \Device\HarddiskVolume4\Windows\WinSxS
1e00.2090: KnownDllPath: C:\Windows\system32
1e00.2090: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1e00.2090: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1e00.2090: supR3HardNtEnableThreadCreation:
1e00.2090: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffad453fb70 pvNtTerminateThread=00007ffad4563a20
1e00.2090: supR3HardenedWinDoReSpawn(1): New child 17d4.18f8 [kernel32].
1e00.2090: supR3HardNtChildGatherData: PebBaseAddress=00007ff674c0a000 cbPeb=0x388
1e00.2090: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffad44d0000 uNtDllChildAddr=00007ffad44d0000
1e00.2090: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffad453fb70
1e00.2090: supR3HardenedWinSetupChildInit: Start child.
1e00.2090: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
1e00.2090: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 21 sleeps
1e00.2090: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1e00.2090:  *0000000000000000-ffffffffff00ffff 0x0001/0x0000 0x0000000
1e00.2090:  *0000000000ff0000-0000000000fcffff 0x0004/0x0004 0x0020000
1e00.2090:  *0000000001010000-0000000000ffbfff 0x0002/0x0002 0x0040000
1e00.2090:   0000000001024000-0000000001017fff 0x0001/0x0000 0x0000000
1e00.2090:  *0000000001030000-0000000000f33fff 0x0000/0x0004 0x0020000
1e00.2090:   000000000112c000-0000000001128fff 0x0104/0x0004 0x0020000
1e00.2090:   000000000112f000-000000000112dfff 0x0004/0x0004 0x0020000
1e00.2090:  *0000000001130000-000000000112bfff 0x0002/0x0002 0x0040000
1e00.2090:   0000000001134000-0000000001127fff 0x0001/0x0000 0x0000000
1e00.2090:  *0000000001140000-000000000113dfff 0x0004/0x0004 0x0020000
1e00.2090:   0000000001142000-ffffffff822a3fff 0x0001/0x0000 0x0000000
1e00.2090:  *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1e00.2090:   000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1e00.2090:   000000007fff0000-ffff800a8b3fffff 0x0001/0x0000 0x0000000
1e00.2090:  *00007ff674be0000-00007ff674bbcfff 0x0002/0x0002 0x0040000
1e00.2090:   00007ff674c03000-00007ff674bfbfff 0x0001/0x0000 0x0000000
1e00.2090:  *00007ff674c0a000-00007ff674c08fff 0x0004/0x0004 0x0020000
1e00.2090:   00007ff674c0b000-00007ff674c07fff 0x0001/0x0000 0x0000000
1e00.2090:  *00007ff674c0e000-00007ff674c0bfff 0x0004/0x0004 0x0020000
1e00.2090:   00007ff674c10000-00007ff67423ffff 0x0001/0x0000 0x0000000
1e00.2090:  *00007ff6755e0000-00007ff6755e0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e00.2090:   00007ff6755e1000-00007ff675667fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e00.2090:   00007ff675668000-00007ff675668fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e00.2090:   00007ff675669000-00007ff6756b3fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e00.2090:   00007ff6756b4000-00007ff6756b4fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e00.2090:   00007ff6756b5000-00007ff6756b5fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e00.2090:   00007ff6756b6000-00007ff6756bafff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e00.2090:   00007ff6756bb000-00007ff6756bbfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e00.2090:   00007ff6756bc000-00007ff6756bcfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e00.2090:   00007ff6756bd000-00007ff6756c0fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e00.2090:   00007ff6756c1000-00007ff67570bfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1e00.2090:   00007ff67570c000-00007ff216947fff 0x0001/0x0000 0x0000000
1e00.2090:  *00007ffad44d0000-00007ffad44d0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1e00.2090:   00007ffad44d1000-00007ffad45ccfff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1e00.2090:   00007ffad45cd000-00007ffad460efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1e00.2090:   00007ffad460f000-00007ffad4617fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1e00.2090:   00007ffad4618000-00007ffad4625fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1e00.2090:   00007ffad4626000-00007ffad4626fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1e00.2090:   00007ffad4627000-00007ffad4629fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1e00.2090:   00007ffad462a000-00007ffad4690fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1e00.2090:   00007ffad4691000-00007ff5a8d41fff 0x0001/0x0000 0x0000000
1e00.2090:  *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
1e00.2090: VirtualBox.exe: timestamp 0x561faefe (rc=VINF_SUCCESS)
1e00.2090: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1e00.2090: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
1e00.2090: supR3HardNtChildPurify: Done after 281 ms and 0 fixes (loop #0).
17d4.18f8: Log file opened: 5.0.8r103449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000
17d4.18f8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffad44d0000
1e00.2090: supR3HardNtEnableThreadCreation:
17d4.18f8: ntdll.dll: timestamp 0x55c59f92 (rc=VINF_SUCCESS)
17d4.18f8: New simple heap: #1 0000000001250000 LB 0x400000 (for 1839104 allocation)
17d4.18f8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
17d4.18f8: System32:  \Device\HarddiskVolume4\Windows\System32
17d4.18f8: WinSxS:    \Device\HarddiskVolume4\Windows\WinSxS
17d4.18f8: KnownDllPath: C:\Windows\system32
17d4.18f8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
17d4.18f8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
17d4.18f8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
17d4.18f8: Registered Dll notification callback with NTDLL.
17d4.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
17d4.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
17d4.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
17d4.18f8: supR3HardenedDllNotificationCallback: load   00007ffad1900000 LB 0x001dd000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
17d4.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
17d4.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
17d4.18f8: supR3HardenedDllNotificationCallback: load   00007ffad4420000 LB 0x000ad000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
17d4.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
17d4.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4420000 'C:\Windows\system32\KERNEL32.DLL'
17d4.18f8: supR3HardenedDllNotificationCallback: load   00007ff6755e0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
17d4.18f8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
17d4.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
17d4.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
17d4.18f8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffad453fb70 pvNtTerminateThread=00007ffad4563a20
1e00.2090: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 63 ms.
17d4.18f8: \SystemRoot\System32\ntdll.dll:
17d4.18f8:     CreationTime:    2015-08-20T23:20:59.070821600Z
17d4.18f8:     LastWriteTime:   2015-08-08T07:29:58.168349600Z
17d4.18f8:     ChangeTime:      2015-08-21T10:30:50.420447700Z
17d4.18f8:     FileAttributes:  0x20
17d4.18f8:     Size:            0x1bce48
17d4.18f8:     NT Headers:      0xd8
17d4.18f8:     Timestamp:       0x55c59f92
17d4.18f8:     Machine:         0x8664 - amd64
17d4.18f8:     Timestamp:       0x55c59f92
17d4.18f8:     Image Version:   10.0
17d4.18f8:     SizeOfImage:     0x1c1000 (1839104)
17d4.18f8:     Resource Dir:    0x15a000 LB 0x65718
17d4.18f8:     ProductName:     Microsoft® Windows® Operating System
17d4.18f8:     ProductVersion:  10.0.10240.16430
17d4.18f8:     FileVersion:     10.0.10240.16430 (th1.150807-2049)
17d4.18f8:     FileDescription: NT Layer DLL
17d4.18f8: \SystemRoot\System32\kernel32.dll:
17d4.18f8:     CreationTime:    2015-07-10T10:59:59.699781600Z
17d4.18f8:     LastWriteTime:   2015-07-10T10:59:59.699781600Z
17d4.18f8:     ChangeTime:      2015-10-13T23:39:05.537198800Z
17d4.18f8:     FileAttributes:  0x20
17d4.18f8:     Size:            0xab830
17d4.18f8:     NT Headers:      0xf0
17d4.18f8:     Timestamp:       0x559f38ad
17d4.18f8:     Machine:         0x8664 - amd64
17d4.18f8:     Timestamp:       0x559f38ad
17d4.18f8:     Image Version:   10.0
17d4.18f8:     SizeOfImage:     0xad000 (708608)
17d4.18f8:     Resource Dir:    0xab000 LB 0x518
17d4.18f8:     ProductName:     Microsoft® Windows® Operating System
17d4.18f8:     ProductVersion:  10.0.10240.16384
17d4.18f8:     FileVersion:     10.0.10240.16384 (th1.150709-1700)
17d4.18f8:     FileDescription: Windows NT BASE API Client DLL
17d4.18f8: \SystemRoot\System32\KernelBase.dll:
17d4.18f8:     CreationTime:    2015-07-10T11:00:10.325689700Z
17d4.18f8:     LastWriteTime:   2015-07-10T11:00:10.325689700Z
17d4.18f8:     ChangeTime:      2015-10-13T23:39:05.865323100Z
17d4.18f8:     FileAttributes:  0x20
17d4.18f8:     Size:            0x1dc680
17d4.18f8:     NT Headers:      0x100
17d4.18f8:     Timestamp:       0x559f38c3
17d4.18f8:     Machine:         0x8664 - amd64
17d4.18f8:     Timestamp:       0x559f38c3
17d4.18f8:     Image Version:   10.0
17d4.18f8:     SizeOfImage:     0x1dd000 (1953792)
17d4.18f8:     Resource Dir:    0x1c7000 LB 0x530
17d4.18f8:     ProductName:     Microsoft® Windows® Operating System
17d4.18f8:     ProductVersion:  10.0.10240.16384
17d4.18f8:     FileVersion:     10.0.10240.16384 (th1.150709-1700)
17d4.18f8:     FileDescription: Windows NT BASE API Client DLL
17d4.18f8: \SystemRoot\System32\apisetschema.dll:
17d4.18f8:     CreationTime:    2015-07-10T11:00:04.872098600Z
17d4.18f8:     LastWriteTime:   2015-07-10T11:00:04.872098600Z
17d4.18f8:     ChangeTime:      2015-08-21T03:35:07.893781700Z
17d4.18f8:     FileAttributes:  0x20
17d4.18f8:     Size:            0x16760
17d4.18f8:     NT Headers:      0xc8
17d4.18f8:     Timestamp:       0x559f3e3d
17d4.18f8:     Machine:         0x8664 - amd64
17d4.18f8:     Timestamp:       0x559f3e3d
17d4.18f8:     Image Version:   10.0
17d4.18f8:     SizeOfImage:     0x17000 (94208)
17d4.18f8:     Resource Dir:    0x16000 LB 0x3f0
17d4.18f8:     ProductName:     Microsoft® Windows® Operating System
17d4.18f8:     ProductVersion:  10.0.10240.16384
17d4.18f8:     FileVersion:     10.0.10240.16384 (th1.150709-1700)
17d4.18f8:     FileDescription: ApiSet Schema DLL
17d4.18f8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
17d4.18f8: supR3HardenedWinFindAdversaries: 0x0
17d4.18f8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
17d4.18f8: Calling main()
17d4.18f8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
17d4.18f8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
17d4.18f8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
17d4.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
17d4.18f8: SUPR3HardenedMain: Respawn #2
17d4.18f8: supR3HardNtEnableThreadCreation:
17d4.18f8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffad453fb70 pvNtTerminateThread=00007ffad4563a20
17d4.18f8: supR3HardenedWinDoReSpawn(2): New child 130c.1f0c [kernel32].
17d4.18f8: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
17d4.18f8: supR3HardNtChildGatherData: PebBaseAddress=00007ff674633000 cbPeb=0x388
17d4.18f8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffad44d0000 uNtDllChildAddr=00007ffad44d0000
17d4.18f8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffad453fb70
17d4.18f8: supR3HardenedWinSetupChildInit: Start child.
17d4.18f8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
17d4.18f8: supR3HardNtChildPurify: Startup delay kludge #1/0: 263 ms, 22 sleeps
17d4.18f8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
17d4.18f8:  *0000000000000000-ffffffffff7dffff 0x0001/0x0000 0x0000000
17d4.18f8:  *0000000000820000-00000000007fffff 0x0004/0x0004 0x0020000
17d4.18f8:  *0000000000840000-000000000082bfff 0x0002/0x0002 0x0040000
17d4.18f8:   0000000000854000-0000000000847fff 0x0001/0x0000 0x0000000
17d4.18f8:  *0000000000860000-0000000000763fff 0x0000/0x0004 0x0020000
17d4.18f8:   000000000095c000-0000000000958fff 0x0104/0x0004 0x0020000
17d4.18f8:   000000000095f000-000000000095dfff 0x0004/0x0004 0x0020000
17d4.18f8:  *0000000000960000-000000000095bfff 0x0002/0x0002 0x0040000
17d4.18f8:   0000000000964000-0000000000957fff 0x0001/0x0000 0x0000000
17d4.18f8:  *0000000000970000-000000000096dfff 0x0004/0x0004 0x0020000
17d4.18f8:   0000000000972000-ffffffff81303fff 0x0001/0x0000 0x0000000
17d4.18f8:  *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
17d4.18f8:   000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
17d4.18f8:   000000007fff0000-ffff800a8b9cffff 0x0001/0x0000 0x0000000
17d4.18f8:  *00007ff674610000-00007ff6745ecfff 0x0002/0x0002 0x0040000
17d4.18f8:  *00007ff674633000-00007ff674631fff 0x0004/0x0004 0x0020000
17d4.18f8:   00007ff674634000-00007ff674629fff 0x0001/0x0000 0x0000000
17d4.18f8:  *00007ff67463e000-00007ff67463bfff 0x0004/0x0004 0x0020000
17d4.18f8:   00007ff674640000-00007ff67369ffff 0x0001/0x0000 0x0000000
17d4.18f8:  *00007ff6755e0000-00007ff6755e0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
17d4.18f8:   00007ff6755e1000-00007ff675667fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
17d4.18f8:   00007ff675668000-00007ff675668fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
17d4.18f8:   00007ff675669000-00007ff6756b3fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
17d4.18f8:   00007ff6756b4000-00007ff6756b4fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
17d4.18f8:   00007ff6756b5000-00007ff6756b5fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
17d4.18f8:   00007ff6756b6000-00007ff6756bafff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
17d4.18f8:   00007ff6756bb000-00007ff6756bbfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
17d4.18f8:   00007ff6756bc000-00007ff6756bcfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
17d4.18f8:   00007ff6756bd000-00007ff6756c0fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
17d4.18f8:   00007ff6756c1000-00007ff67570bfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
17d4.18f8:   00007ff67570c000-00007ff216947fff 0x0001/0x0000 0x0000000
17d4.18f8:  *00007ffad44d0000-00007ffad44d0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
17d4.18f8:   00007ffad44d1000-00007ffad45ccfff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
17d4.18f8:   00007ffad45cd000-00007ffad460efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
17d4.18f8:   00007ffad460f000-00007ffad4617fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
17d4.18f8:   00007ffad4618000-00007ffad4625fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
17d4.18f8:   00007ffad4626000-00007ffad4626fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
17d4.18f8:   00007ffad4627000-00007ffad4629fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
17d4.18f8:   00007ffad462a000-00007ffad4690fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
17d4.18f8:   00007ffad4691000-00007ff5a8d41fff 0x0001/0x0000 0x0000000
17d4.18f8:  *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
17d4.18f8: VirtualBox.exe: timestamp 0x561faefe (rc=VINF_SUCCESS)
17d4.18f8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
17d4.18f8: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
17d4.18f8: supR3HardNtChildPurify: Done after 295 ms and 0 fixes (loop #0).
130c.1f0c: Log file opened: 5.0.8r103449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000
130c.1f0c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffad44d0000
17d4.18f8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001250000 LB 0x400000)
130c.1f0c: ntdll.dll: timestamp 0x55c59f92 (rc=VINF_SUCCESS)
130c.1f0c: New simple heap: #1 0000000000a80000 LB 0x400000 (for 1839104 allocation)
17d4.18f8: supR3HardNtEnableThreadCreation:
130c.1f0c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
130c.1f0c: System32:  \Device\HarddiskVolume4\Windows\System32
130c.1f0c: WinSxS:    \Device\HarddiskVolume4\Windows\WinSxS
130c.1f0c: KnownDllPath: C:\Windows\system32
130c.1f0c: supR3HardenedVmProcessInit: Opening vboxdrv...
130c.1f0c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
130c.1f0c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
130c.1f0c: Registered Dll notification callback with NTDLL.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad1900000 LB 0x001dd000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad4420000 LB 0x000ad000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4420000 'C:\Windows\system32\KERNEL32.DLL'
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ff6755e0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
130c.1f0c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
130c.1f0c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffad453fb70 pvNtTerminateThread=00007ffad4563a20
17d4.18f8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 80 ms.
130c.1f0c: \SystemRoot\System32\ntdll.dll:
130c.1f0c:     CreationTime:    2015-08-20T23:20:59.070821600Z
130c.1f0c:     LastWriteTime:   2015-08-08T07:29:58.168349600Z
130c.1f0c:     ChangeTime:      2015-08-21T10:30:50.420447700Z
130c.1f0c:     FileAttributes:  0x20
130c.1f0c:     Size:            0x1bce48
130c.1f0c:     NT Headers:      0xd8
130c.1f0c:     Timestamp:       0x55c59f92
130c.1f0c:     Machine:         0x8664 - amd64
130c.1f0c:     Timestamp:       0x55c59f92
130c.1f0c:     Image Version:   10.0
130c.1f0c:     SizeOfImage:     0x1c1000 (1839104)
130c.1f0c:     Resource Dir:    0x15a000 LB 0x65718
130c.1f0c:     ProductName:     Microsoft® Windows® Operating System
130c.1f0c:     ProductVersion:  10.0.10240.16430
130c.1f0c:     FileVersion:     10.0.10240.16430 (th1.150807-2049)
130c.1f0c:     FileDescription: NT Layer DLL
130c.1f0c: \SystemRoot\System32\kernel32.dll:
130c.1f0c:     CreationTime:    2015-07-10T10:59:59.699781600Z
130c.1f0c:     LastWriteTime:   2015-07-10T10:59:59.699781600Z
130c.1f0c:     ChangeTime:      2015-10-13T23:39:05.537198800Z
130c.1f0c:     FileAttributes:  0x20
130c.1f0c:     Size:            0xab830
130c.1f0c:     NT Headers:      0xf0
130c.1f0c:     Timestamp:       0x559f38ad
130c.1f0c:     Machine:         0x8664 - amd64
130c.1f0c:     Timestamp:       0x559f38ad
130c.1f0c:     Image Version:   10.0
130c.1f0c:     SizeOfImage:     0xad000 (708608)
130c.1f0c:     Resource Dir:    0xab000 LB 0x518
130c.1f0c:     ProductName:     Microsoft® Windows® Operating System
130c.1f0c:     ProductVersion:  10.0.10240.16384
130c.1f0c:     FileVersion:     10.0.10240.16384 (th1.150709-1700)
130c.1f0c:     FileDescription: Windows NT BASE API Client DLL
130c.1f0c: \SystemRoot\System32\KernelBase.dll:
130c.1f0c:     CreationTime:    2015-07-10T11:00:10.325689700Z
130c.1f0c:     LastWriteTime:   2015-07-10T11:00:10.325689700Z
130c.1f0c:     ChangeTime:      2015-10-13T23:39:05.865323100Z
130c.1f0c:     FileAttributes:  0x20
130c.1f0c:     Size:            0x1dc680
130c.1f0c:     NT Headers:      0x100
130c.1f0c:     Timestamp:       0x559f38c3
130c.1f0c:     Machine:         0x8664 - amd64
130c.1f0c:     Timestamp:       0x559f38c3
130c.1f0c:     Image Version:   10.0
130c.1f0c:     SizeOfImage:     0x1dd000 (1953792)
130c.1f0c:     Resource Dir:    0x1c7000 LB 0x530
130c.1f0c:     ProductName:     Microsoft® Windows® Operating System
130c.1f0c:     ProductVersion:  10.0.10240.16384
130c.1f0c:     FileVersion:     10.0.10240.16384 (th1.150709-1700)
130c.1f0c:     FileDescription: Windows NT BASE API Client DLL
130c.1f0c: \SystemRoot\System32\apisetschema.dll:
130c.1f0c:     CreationTime:    2015-07-10T11:00:04.872098600Z
130c.1f0c:     LastWriteTime:   2015-07-10T11:00:04.872098600Z
130c.1f0c:     ChangeTime:      2015-08-21T03:35:07.893781700Z
130c.1f0c:     FileAttributes:  0x20
130c.1f0c:     Size:            0x16760
130c.1f0c:     NT Headers:      0xc8
130c.1f0c:     Timestamp:       0x559f3e3d
130c.1f0c:     Machine:         0x8664 - amd64
130c.1f0c:     Timestamp:       0x559f3e3d
130c.1f0c:     Image Version:   10.0
130c.1f0c:     SizeOfImage:     0x17000 (94208)
130c.1f0c:     Resource Dir:    0x16000 LB 0x3f0
130c.1f0c:     ProductName:     Microsoft® Windows® Operating System
130c.1f0c:     ProductVersion:  10.0.10240.16384
130c.1f0c:     FileVersion:     10.0.10240.16384 (th1.150709-1700)
130c.1f0c:     FileDescription: ApiSet Schema DLL
130c.1f0c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
130c.1f0c: supR3HardenedWinFindAdversaries: 0x0
130c.1f0c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
130c.1f0c: Calling main()
130c.1f0c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
130c.1f0c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
130c.1f0c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
130c.1f0c: SUPR3HardenedMain: Final process, opening VBoxDrv...
130c.1f0c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a80000 LB 0x400000)
130c.1f0c: supR3HardNtEnableThreadCreation:
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffac91f0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac91f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac91f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac91f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad3cb0000 LB 0x0009d000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad0f50000 LB 0x00011000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad1000000 LB 0x001c1000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad4000000 LB 0x00126000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad0fa0000 LB 0x00054000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\system32\Wintrust.dll'
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad0e30000 LB 0x00028000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0e30000 'C:\Windows\system32\bcrypt.dll'
130c.1f0c: bcrypt.dll loaded at 00007ffad0e30000, BCryptOpenAlgorithmProvider at 00007ffad0e34a00, preloading providers:
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad0cc0000 LB 0x0006b000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0cc0000 'C:\Windows\system32\bcryptprimitives.dll'
130c.1f0c:     BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000e8a730)
130c.1f0c:     BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000e8adf0)
130c.1f0c:     BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000e8b0c0)
130c.1f0c:     BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000e8b420)
130c.1f0c:     BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000e8bf40)
130c.1f0c:     BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000e8c250)
130c.1f0c:     BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000e8c560)
130c.1f0c:     BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000e8c830)
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad0460000 LB 0x00017000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad00b0000 LB 0x00033000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad05d0000 LB 0x0000b000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4420000 'C:\Windows\system32\kernel32.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\CRYPT32.dll'
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad3400000 LB 0x0001c000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad31f0000 LB 0x0005b000 C:\Windows\system32\sechost.dll [fFlags=0x0]
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffacf520000 LB 0x00023000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad0f80000 LB 0x00013000 C:\Windows\system32\profapi.dll [fFlags=0x0]
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'wldap32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume4\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\Wldap32.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\Wldap32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad1bb0000 LB 0x0005b000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffac2630000 LB 0x0002f000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\System32\cryptnet.dll'
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad37d0000 LB 0x000a6000 C:\Windows\system32\advapi32.dll [fFlags=0x0]
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=311B4CDD9B998ED36E8EA94DCB004D809301CC36
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4000000 'C:\Windows\system32\rpcrt4.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_555_for_KB3081455~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\SystemRoot\System32\ntdll.dll'
130c.1f0c: g_pfnWinVerifyTrust=00007ffad0fa8890
130c.1f0c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
130c.1f0c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000374 pwszName=\Device\HarddiskVolume4\Windows\System32\Wldap32.dll
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E30C00BB3189B639214835B4F4C320DEC5BFA77
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\Wldap32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\Wldap32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000370 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5997BB270A09A76A71A9EE8A7ADB154F3D75EEF3
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x6fae3debd474d000 CN=ZackWorkWin10
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
130c.1f0c: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, ST=Washington, L=Renton, O=Parallels, Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, CN=Parallels, Inc.
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xcd5e8f6875d9ad00 CN=DESKTOP-C0JAJ7K
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
130c.1f0c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=35
130c.1f0c: SUPR3HardenedMain: Load Runtime...
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   0000000069750000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00000000696b0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad1ba0000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad4130000 LB 0x00069000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffaa5090000 LB 0x0055f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rescheduled]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\system32\Wintrust.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: SUPR3HardenedMain: Load TrustedMain...
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume4\Windows\System32\comdlg32.dll
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=857477BEC0F0F69A9C4898B3680E207E94733C3F
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\devobj.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_329_for_KB3081444~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'user32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'shlwapi.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'gdi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'comctl32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'shell32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comdlg32.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'user32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'gdi32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [redoing WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
130c.1f0c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'gdi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'dciman32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\ddraw.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ddraw.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
130c.1f0c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\winspool.drv)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'msctf.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume4\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msctf.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'imm32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dciman32.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dciman32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [redoing WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5F0CC8DA0E67C8C01864C0783FA867C4BDCE0AAA
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad3480000 LB 0x0014e000 C:\Windows\system32\USER32.dll [fFlags=0x0]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad3640000 LB 0x00186000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffab8bc0000 LB 0x00008000 C:\Windows\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffab7ca0000 LB 0x000f6000 C:\Windows\SYSTEM32\DDRAW.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffab7da0000 LB 0x0002e000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffab8160000 LB 0x00128000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad41a0000 LB 0x0027c000 C:\Windows\system32\combase.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad3df0000 LB 0x00141000 C:\Windows\system32\ole32.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00000000693d0000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad1ae0000 LB 0x000b3000 C:\Windows\system32\shcore.dll [fFlags=0x0]
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'combase.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad3d90000 LB 0x00051000 C:\Windows\system32\shlwapi.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffac4560000 LB 0x000aa000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\COMCTL32.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad0f70000 LB 0x0000f000 C:\Windows\system32\kernel.appcore.dll [fFlags=0x0]
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad0f00000 LB 0x0004a000 C:\Windows\system32\powrprof.dll [fFlags=0x0]
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad11d0000 LB 0x00628000 C:\Windows\system32\windows.storage.dll [fFlags=0x0]
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'profapi.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad1cc0000 LB 0x01522000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad3a70000 LB 0x000d7000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad3f40000 LB 0x000be000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad3b50000 LB 0x0015c000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad3d50000 LB 0x00036000 C:\Windows\system32\IMM32.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad1800000 LB 0x00044000 C:\Windows\system32\cfgmgr32.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad0ba0000 LB 0x00027000 C:\Windows\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffacec30000 LB 0x0002c000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffacec90000 LB 0x00023000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffacae00000 LB 0x00084000 C:\Windows\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   0000000068950000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00000000692c0000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   0000000068870000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffaa45d0000 LB 0x00ab9000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' [rescheduled]
130c.1f0c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rescheduled]
130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msctf.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll' [rescheduled]
130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
130c.1f0c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
130c.1f0c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
130c.1f0c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rescheduled]
130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\devobj.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rescheduled]
130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\imm32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
130c.1f0c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
130c.1f0c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3d50000 'C:\Windows\system32\imm32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa45d0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
130c.1f0c: SUPR3HardenedMain: Calling TrustedMain (00007ffaa45d10d0)...
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006a4 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3717D376EF95470D8C03AD02F97C4DCBCE269CF8
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB3097617~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffaceee0000 LB 0x00096000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaceee0000 'C:\Windows\system32\uxtheme.dll'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007fface0a0000 LB 0x00022000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000458 pwszName=\Device\HarddiskVolume4\Windows\System32\dwmapi.dll
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=71451274041047D99462EA805D3FAD1A9E10F86D
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_138_for_KB3097617~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4420000 'C:\Windows\system32\kernel32.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaceee0000 'C:\Windows\system32\uxtheme.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaceee0000 'C:\Windows\system32\uxtheme.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3480000 'C:\Windows\system32\user32.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaceee0000 'C:\Windows\system32\uxtheme.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3480000 'C:\Windows\system32\user32.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad37d0000 'C:\Windows\system32\advapi32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad01a0000 LB 0x0001f000 C:\Windows\system32\userenv.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad01a0000 'C:\Windows\system32\userenv.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4420000 'C:\Windows\system32\kernel32.dll'
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad1c10000 LB 0x000a5000 C:\Windows\system32\clbcatq.dll [fFlags=0x0]
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.2260: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
130c.2260: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
130c.2260: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
130c.2260: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
130c.2260: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
130c.2260: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume4\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
130c.2260: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.2260: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.2260: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\version.dll) WinVerifyTrust
130c.2260: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\version.dll
130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
130c.2260: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.2260: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.2260: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.2260: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\psapi.dll) WinVerifyTrust
130c.2260: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\psapi.dll
130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
130c.2260: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
130c.2260: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
130c.2260: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.2260: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
130c.2260: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll
130c.2260: supR3HardenedDllNotificationCallback: load   00007ffad3a60000 LB 0x00008000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0]
130c.2260: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\psapi.dll
130c.2260: supR3HardenedDllNotificationCallback: load   00007ffacf500000 LB 0x0000a000 C:\Windows\SYSTEM32\VERSION.dll [fFlags=0x0]
130c.2260: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll
130c.2260: supR3HardenedDllNotificationCallback: load   00007ffaa3ff0000 LB 0x005d6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
130c.2260: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
130c.2260: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa3ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
130c.2260: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
130c.2260: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.2260: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3f40000 'C:\Windows\System32\oleaut32.dll'
130c.2260: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sxs.dll)
130c.2260: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sxs.dll
130c.2260: supR3HardenedDllNotificationCallback: load   00007ffad0d30000 LB 0x00098000 C:\Windows\SYSTEM32\sxs.dll [fFlags=0x0]
130c.2260: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sxs.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3f40000 'C:\Windows\system32\OLEAUT32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3640000 'C:\Windows\system32\gdi32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3480000 'C:\Windows\system32\user32.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b68 pwszName=\Device\HarddiskVolume4\Windows\System32\DataExchange.dll
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=030BB80F5AC7982FF01AB351589D64E6D4167B3E
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-AppRuntime-shell-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\DataExchange.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd2d1.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'dxgi.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd2d1.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'd2d1.dll' -> '\Device\HarddiskVolume4\Windows\System32\d2d1.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bb0 pwszName=\Device\HarddiskVolume4\Windows\System32\d2d1.dll
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA1A7323788F698339FF353F1BA100EF7C556D74
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Graphics-DirectX-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\d2d1.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d2d1.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d2d1.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d2d1.dll
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffac5e50000 LB 0x00545000 C:\Windows\system32\d2d1.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d2d1.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffacdd50000 LB 0x0009c000 C:\Windows\system32\dxgi.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffacddf0000 LB 0x002a3000 C:\Windows\system32\d3d11.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007fface760000 LB 0x000d1000 C:\Windows\system32\dcomp.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffabc800000 LB 0x00046000 C:\Windows\system32\dataexchange.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffabc800000 'C:\Windows\system32\dataexchange.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'userenv.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'bcrypt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffacefa0000 LB 0x000ee000 C:\Windows\system32\twinapi.appcore.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume4\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll [redoing WinVerifyTrust]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3b50000 'C:\Windows\system32\MSCTF.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' [redir]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll [redoing WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4560000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\SYSTEM32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\SYSTEM32\WINMM.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaceee0000 'C:\Windows\system32/uxtheme.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\propsys.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\propsys.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\propsys.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007fface160000 LB 0x00183000 C:\Windows\system32\propsys.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fface160000 'C:\Windows\system32\propsys.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\windows.storage.dll [redoing WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Windows.Storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad11d0000 'C:\Windows\system32\Windows.Storage.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\windows.storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad11d0000 'C:\Windows\system32\windows.storage.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffac02e0000 LB 0x00274000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac02e0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac02e0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WindowsCodecs.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WindowsCodecs.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffacac00000 LB 0x001b2000 C:\Windows\SYSTEM32\WindowsCodecs.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WindowsCodecs.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WindowsCodecs.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\System32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\System32\shell32.dll'
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\apphelp.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\apphelp.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffaced60000 LB 0x00078000 C:\Windows\SYSTEM32\apphelp.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e1c pwszName=\Device\HarddiskVolume4\Windows\System32\apphelp.dll
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=54A8D49732D327F780234E47407FD91AB77B632A
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\apphelp.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\apphelp.dll'
130c.1f0c: \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 0b f4 b7 b3 5e f7 a4 6b ab 0b 7c 99 e9 03 00 00)
130c.1f0c: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll)
130c.1f0c: Error (rc=0):
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll
130c.1f0c: Error (rc=0):
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll' (C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll): rcNt=0xc0000190
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
130c.1f0c: Error (rc=0):
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll
130c.1f0c: Error (rc=0):
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll' (C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll): rcNt=0xc0000190
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
130c.1f0c: Error (rc=0):
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll
130c.1f0c: Error (rc=0):
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll' (C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll): rcNt=0xc0000190
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
130c.1f0c: Error (rc=0):
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll
130c.1f0c: Error (rc=0):
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll' (C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll): rcNt=0xc0000190
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
130c.1f0c: Error (rc=0):
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll
130c.1f0c: Error (rc=0):
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll' (C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll): rcNt=0xc0000190
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d20 pwszName=\Device\HarddiskVolume4\Windows\System32\EhStorShell.dll
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=71E11A131CDF3E69651FC99A41A71D0B0DE9672D
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-drivers~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\EhStorShell.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'comctl32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'setupapi.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\EhStorShell.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\EhStorShell.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comctl32.dll [redoing WinVerifyTrust]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\EhStorShell.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffad3890000 LB 0x001c5000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffab8be0000 LB 0x00037000 C:\Windows\System32\EhStorShell.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\EhStorShell.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab8be0000 'C:\Windows\System32\EhStorShell.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\EhStorShell.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab8be0000 'C:\Windows\System32\EhStorShell.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e04 pwszName=\Device\HarddiskVolume4\Windows\System32\cscui.dll
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E64571B9529C5C26824687EDDD20704860318470
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-OfflineFiles-UI-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\cscui.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'propsys.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'cscdll.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cscui.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cscui.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cscdll.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cscdll.dll' -> '\Device\HarddiskVolume4\Windows\System32\cscdll.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e08 pwszName=\Device\HarddiskVolume4\Windows\System32\cscdll.dll
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CF8F6BC6D7190460FA0E3467AE0519E1B041C365
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\cscdll.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cscdll.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cscdll.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cscui.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cscui.dll
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cscdll.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffab8bd0000 LB 0x0000d000 C:\Windows\System32\CSCDLL.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cscdll.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffab8030000 LB 0x000c4000 C:\Windows\System32\cscui.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cscui.dll
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac02e0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab8030000 'C:\Windows\System32\cscui.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cscui.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cscui.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab8030000 'C:\Windows\System32\cscui.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shell32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shlwapi.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'mpr.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcrt.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffacfe20000 LB 0x0001c000 C:\Windows\SYSTEM32\MPR.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffab7fd0000 LB 0x00052000 C:\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab7fd0000 'C:\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d14 pwszName=\Device\HarddiskVolume4\Windows\System32\mssprxy.dll
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=246789B7D75DFAD08D941EC92596C38786199961
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_218_for_KB3081444~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\mssprxy.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mssprxy.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mssprxy.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mssprxy.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mssprxy.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffab83d0000 LB 0x00023000 C:\Windows\system32\mssprxy.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mssprxy.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab83d0000 'C:\Windows\system32\mssprxy.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\System32\shell32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d2c pwszName=\Device\HarddiskVolume4\Windows\System32\thumbcache.dll
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1DBC107C40D287802EBE6D2F04AED2B6BC21C52
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-AppRuntime-shell-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\thumbcache.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shcore.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\thumbcache.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\thumbcache.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\thumbcache.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\thumbcache.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffab8f80000 LB 0x0004b000 C:\Windows\System32\thumbcache.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\thumbcache.dll
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac02e0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab8f80000 'C:\Windows\System32\thumbcache.dll'
130c.1f0c: '\Device\HarddiskVolume4\Windows\System32\imageres.dll' has no imports
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\imageres.dll)
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imageres.dll
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\imageres.dll [avoiding WinVerifyTrust]
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ebc pwszName=\Device\HarddiskVolume4\Windows\System32\imageres.dll
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4623A580B03375E478409EF57299A63413828324
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\imageres.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imageres.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3df0000 'C:\Windows\system32\ole32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3f40000 'C:\Windows\system32\OLEAUT32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cb8 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AA7BAB6C49E4A06208A6E0EE146D0A4385100231
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c58 pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8589CB867869E61D2D0DD902D9F24828D41B3FB4
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffaca3c0000 LB 0x0007f000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffaca450000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1900000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca450000 'C:\Windows\system32\wbem\wbemprox.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f04 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F55A40FEDA5AB0854F7A2A7AE88B827B3F76303B
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffac9980000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9980000 'C:\Windows\system32\wbem\wbemsvc.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1900000 'api-ms-win-core-localization-l1-2-0.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1900000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f08 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E360AD530F1A62ACF9003C6FE3BA6BBD7638D488
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
130c.1f0c: supR3HardenedDllNotificationCallback: load   00007ffac9e20000 LB 0x000f8000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9e20000 'C:\Windows\system32\wbem\fastprox.dll'
130c.2150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.2150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
130c.2150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
130c.2150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
130c.2150: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
130c.2150: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
130c.2150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.2150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
130c.2150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
130c.2150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
130c.2150: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
130c.2150: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
130c.2150: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
130c.2150: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.2150: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
130c.2150: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
130c.2150: supR3HardenedDllNotificationCallback: load   0000000068760000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
130c.2150: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
130c.2150: supR3HardenedDllNotificationCallback: load   00007ffaa5e70000 LB 0x00293000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
130c.2150: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
130c.2150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5e70000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\VBoxUSBMon.sys)
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxUSBMon.sys
130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\VBoxDrv.sys)
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxDrv.sys
130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
130c.1794: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys)
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys
130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetLwf.sys)
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetLwf.sys
130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys)
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\netio.sys
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wpprecorder.sys'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys)
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'hal.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'pshed.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'bootvid.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'kdcom.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ci.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'msrpc.sys'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe)
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msrpc.sys'
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume4\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\ci.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ci.dll)
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ci.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume4\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kdcom.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kdcom.dll)
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kdcom.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bootvid.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'bootvid.dll' -> '\Device\HarddiskVolume4\Windows\System32\bootvid.dll' [rcNtRedir=0xc0150008]
130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\BOOTVID.DLL'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\BOOTVID.DLL)
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\BOOTVID.DLL
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume4\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\PSHED.DLL'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\PSHED.DLL)
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\PSHED.DLL
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\hal.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\hal.dll)
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\hal.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wpprecorder.sys'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'wpprecorder.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\wpprecorder.sys' [rcNtRedir=0xc0150008]
130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\drivers\WppRecorder.sys'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\WppRecorder.sys)
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\WppRecorder.sys
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\netio.sys [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\hal.dll [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys)
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume4\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\PSHED.DLL [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume4\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kdcom.dll [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\hal.dll [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\hal.dll [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\hal.dll [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetLwf.sys'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\VBoxDrv.sys'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\VBoxUSBMon.sys'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\WppRecorder.sys'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\hal.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\PSHED.DLL'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\BOOTVID.DLL'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kdcom.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ci.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys'
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cbc pwszName=\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=695CB5D234E33829E3320DD8DE835DE7D1459933
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_379_for_KB3097617~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll'
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'ws2_32.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'netsetupapi.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'setupapi.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll) WinVerifyTrust
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll) WinVerifyTrust
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll
130c.1794: supR3HardenedDllNotificationCallback: load   00007ffac8750000 LB 0x0001d000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll
130c.1794: supR3HardenedDllNotificationCallback: load   00007ffac8770000 LB 0x00063000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac8770000 'C:\Windows\System32\NetSetupShim.dll'
130c.1e90: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1e90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
130c.1e90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
130c.1e90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
130c.1e90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
130c.1e90: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
130c.1e90: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
130c.1e90: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
130c.1e90: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1e90: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
130c.1e90: supR3HardenedDllNotificationCallback: load   00007ffad09d0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
130c.1e90: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
130c.1e90: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad09d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
130c.13e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.13e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
130c.13e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
130c.13e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
130c.13e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
130c.13e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
130c.13e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
130c.13e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
130c.13e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
130c.13e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
130c.13e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
130c.13e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
130c.13e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
130c.13e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.13e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
130c.13e0: supR3HardenedDllNotificationCallback: load   00007ffac91e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
130c.13e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
130c.13e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac91e0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
130c.acc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.acc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
130c.acc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
130c.acc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
130c.acc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
130c.acc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
130c.acc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
130c.acc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
130c.acc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
130c.acc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
130c.acc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
130c.acc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
130c.acc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
130c.acc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.acc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
130c.acc: supR3HardenedDllNotificationCallback: load   00007ffac8c30000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
130c.acc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
130c.acc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac8c30000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
130c.1450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
130c.1450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
130c.1450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
130c.1450: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
130c.1450: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
130c.1450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
130c.1450: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
130c.1450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
130c.1450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
130c.1450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
130c.1450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
130c.1450: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1450: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
130c.1450: supR3HardenedDllNotificationCallback: load   00007ffac0960000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
130c.1450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
130c.1450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac0960000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32/Shell32.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll)
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume4\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001114 pwszName=\Device\HarddiskVolume4\Windows\System32\newdev.dll
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=793D99A2656EF7BC8AE3D3DA54E1A198969B9F96
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\newdev.dll'
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'uxtheme.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'cfgmgr32.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'setupapi.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\newdev.dll) WinVerifyTrust
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\newdev.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume4\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\newdev.dll
130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\devrtl.dll)
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devrtl.dll
130c.1794: supR3HardenedDllNotificationCallback: load   00007ffac9830000 LB 0x00013000 C:\Windows\SYSTEM32\devrtl.DLL [fFlags=0x0]
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
130c.1794: supR3HardenedDllNotificationCallback: load   00007ffaa9d90000 LB 0x00058000 C:\Windows\SYSTEM32\newdev.dll [fFlags=0x0]
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\newdev.dll
130c.1794: supR3HardenedDllNotificationCallback: load   00007ffaa9cb0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
130c.1794: supR3HardenedDllNotificationCallback: load   00007ffaa7a50000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
130c.1794: supR3HardenedDllNotificationCallback: load   00007ffacc710000 LB 0x0000b000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
130c.1794: supR3HardenedDllNotificationCallback: load   00007ffacc720000 LB 0x00038000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
130c.1794: supR3HardenedDllNotificationCallback: load   00007ffaa3700000 LB 0x008e2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa3700000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001164 pwszName=\Device\HarddiskVolume4\Windows\System32\devrtl.dll
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4E1A7D70D0B4F04066620172BA9B8A3CADF2EF6
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\devrtl.dll'
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\devrtl.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa3ff0000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa7a50000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.544: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.544: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
130c.544: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
130c.544: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
130c.544: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
130c.544: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
130c.544: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
130c.544: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
130c.544: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
130c.544: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
130c.544: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
130c.544: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
130c.544: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
130c.544: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.544: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
130c.544: supR3HardenedDllNotificationCallback: load   00007ffac0950000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
130c.544: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
130c.544: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac0950000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000120c pwszName=\Device\HarddiskVolume4\Windows\System32\dsound.dll
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7FF2119E435E404AD007FD65DA8D286C1635ACA6
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\dsound.dll'
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'advapi32.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winmm.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dsound.dll) WinVerifyTrust
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dsound.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
130c.1794: supR3HardenedDllNotificationCallback: load   00007ffaa7320000 LB 0x0009c000 C:\Windows\system32\dsound.dll [fFlags=0x0]
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa7320000 'C:\Windows\system32\dsound.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa7320000 'C:\Windows\system32/dsound.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll) WinVerifyTrust
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [redoing WinVerifyTrust]
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\devobj.dll'
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
130c.1794: supR3HardenedDllNotificationCallback: load   00007ffaca580000 LB 0x00072000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca580000 'C:\Windows\System32\MMDevApi.dll'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca580000 'C:\Windows\system32\MMDEVAPI.DLL'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001278 pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83143779FC4D27950BF3BCBCD430201AA21D5678
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-MMECoreWdmAudio-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv'
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'winmm.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'avrt.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'mmdevapi.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv) WinVerifyTrust
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll) WinVerifyTrust
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll) WinVerifyTrust
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
130c.1794: supR3HardenedDllNotificationCallback: load   00007ffac9aa0000 LB 0x00008000 C:\Windows\SYSTEM32\ksuser.dll [fFlags=0x0]
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
130c.1794: supR3HardenedDllNotificationCallback: load   00007ffac9a90000 LB 0x0000b000 C:\Windows\SYSTEM32\AVRT.dll [fFlags=0x0]
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
130c.1794: supR3HardenedDllNotificationCallback: load   00007ffacf6e0000 LB 0x00041000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'mmdevapi.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll) WinVerifyTrust
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'combase.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll)
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll
130c.1794: supR3HardenedDllNotificationCallback: load   00007ffaca600000 LB 0x00131000 C:\Windows\SYSTEM32\wintypes.dll [fFlags=0x0]
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
130c.1794: supR3HardenedDllNotificationCallback: load   00007ffac2570000 LB 0x00085000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2570000 'C:\Windows\system32\AUDIOSES.DLL'
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WinTypes.dll'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fe8 pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EAA362874D7E19DE11B8B4782838AD2981FC207
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv'
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmm.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv) WinVerifyTrust
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll) WinVerifyTrust
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
130c.1794: supR3HardenedDllNotificationCallback: load   00007ffacf6c0000 LB 0x0001c000 C:\Windows\SYSTEM32\MSACM32.dll [fFlags=0x0]
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
130c.1794: supR3HardenedDllNotificationCallback: load   00007ffacf980000 LB 0x0000c000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv'
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012cc pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=96AFFE7289EA0FE318F97A9F3C88DF66DCB2B4F6
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll'
130c.1794: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll) WinVerifyTrust
130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
130c.1794: supR3HardenedDllNotificationCallback: load   00007ffacf970000 LB 0x0000a000 C:\Windows\system32\midimap.dll [fFlags=0x0]
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf970000 'C:\Windows\system32\midimap.dll'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf970000 'C:\Windows\system32\midimap.dll'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf970000 'C:\Windows\system32\midimap.dll'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf970000 'C:\Windows\system32\midimap.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa7320000 'C:\Windows\System32\dsound.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4420000 'C:\Windows\system32/kernel32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3f40000 'C:\Windows\system32\OLEAUT32.DLL'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3b50000 'C:\Windows\system32\msctf.dll'
130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3b50000 'C:\Windows\system32\msctf.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
130c.544: supR3HardenedDllNotificationCallback: Unload 00007ffac0950000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
130c.1450: supR3HardenedDllNotificationCallback: Unload 00007ffac0960000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
130c.acc: supR3HardenedDllNotificationCallback: Unload 00007ffac8c30000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
130c.13e0: supR3HardenedDllNotificationCallback: Unload 00007ffac91e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
130c.1e90: supR3HardenedDllNotificationCallback: Unload 00007ffad09d0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
130c.1794: supR3HardenedDllNotificationCallback: Unload 00007ffaa3700000 LB 0x008e2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
130c.1794: supR3HardenedDllNotificationCallback: Unload 00007ffaa9cb0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
130c.1794: supR3HardenedDllNotificationCallback: Unload 00007ffaa9d90000 LB 0x00058000 C:\Windows\SYSTEM32\newdev.dll [flags=0x0]
130c.1794: supR3HardenedDllNotificationCallback: Unload 00007ffac9830000 LB 0x00013000 C:\Windows\SYSTEM32\devrtl.DLL [flags=0x0]
130c.1794: supR3HardenedDllNotificationCallback: Unload 00007ffaa7a50000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
130c.1794: supR3HardenedDllNotificationCallback: Unload 00007ffacc720000 LB 0x00038000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [flags=0x0]
130c.1794: supR3HardenedDllNotificationCallback: Unload 00007ffacc710000 LB 0x0000b000 C:\Windows\SYSTEM32\WINNSI.DLL [flags=0x0]
130c.1f0c: Terminating the normal way: rcExit=0
17d4.18f8: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 55329 ms, the end);
1e00.2090: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 55722 ms, the end);