VirtualBox

Ticket #10031: VBoxHardening.log

File VBoxHardening.log, 340.4 KB (added by eguerin, 6 years ago)
Line 
118bc.27d4: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03ad700
218bc.27d4: \SystemRoot\System32\ntdll.dll:
318bc.27d4: CreationTime: 2018-03-17T14:17:34.035666700Z
418bc.27d4: LastWriteTime: 2017-09-05T05:26:19.169608500Z
518bc.27d4: ChangeTime: 2018-03-17T14:26:51.160901600Z
618bc.27d4: FileAttributes: 0x20
718bc.27d4: Size: 0x1d7658
818bc.27d4: NT Headers: 0xe0
918bc.27d4: Timestamp: 0x8274fd8b
1018bc.27d4: Machine: 0x8664 - amd64
1118bc.27d4: Timestamp: 0x8274fd8b
1218bc.27d4: Image Version: 10.0
1318bc.27d4: SizeOfImage: 0x1db000 (1945600)
1418bc.27d4: Resource Dir: 0x170000 LB 0x69448
1518bc.27d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1618bc.27d4: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1718bc.27d4: ProductName: Microsoft® Windows® Operating System
1818bc.27d4: ProductVersion: 10.0.15063.608
1918bc.27d4: FileVersion: 10.0.15063.608 (WinBuild.160101.0800)
2018bc.27d4: FileDescription: NT Layer DLL
2118bc.27d4: \SystemRoot\System32\kernel32.dll:
2218bc.27d4: CreationTime: 2017-07-11T05:40:08.546207000Z
2318bc.27d4: LastWriteTime: 2017-07-11T05:40:08.546207000Z
2418bc.27d4: ChangeTime: 2018-03-17T14:23:35.557108600Z
2518bc.27d4: FileAttributes: 0x20
2618bc.27d4: Size: 0xad068
2718bc.27d4: NT Headers: 0xf8
2818bc.27d4: Timestamp: 0xf5fa43df
2918bc.27d4: Machine: 0x8664 - amd64
3018bc.27d4: Timestamp: 0xf5fa43df
3118bc.27d4: Image Version: 10.0
3218bc.27d4: SizeOfImage: 0xae000 (712704)
3318bc.27d4: Resource Dir: 0xac000 LB 0x520
3418bc.27d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3518bc.27d4: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3618bc.27d4: ProductName: Microsoft® Windows® Operating System
3718bc.27d4: ProductVersion: 10.0.15063.296
3818bc.27d4: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
3918bc.27d4: FileDescription: Windows NT BASE API Client DLL
4018bc.27d4: \SystemRoot\System32\KernelBase.dll:
4118bc.27d4: CreationTime: 2018-03-17T14:17:20.455614500Z
4218bc.27d4: LastWriteTime: 2017-11-02T05:16:53.631004400Z
4318bc.27d4: ChangeTime: 2018-03-17T14:26:50.410930300Z
4418bc.27d4: FileAttributes: 0x20
4518bc.27d4: Size: 0x2499e8
4618bc.27d4: NT Headers: 0x100
4718bc.27d4: Timestamp: 0x1a9bbe0b
4818bc.27d4: Machine: 0x8664 - amd64
4918bc.27d4: Timestamp: 0x1a9bbe0b
5018bc.27d4: Image Version: 10.0
5118bc.27d4: SizeOfImage: 0x249000 (2396160)
5218bc.27d4: Resource Dir: 0x22a000 LB 0x548
5318bc.27d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5418bc.27d4: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5518bc.27d4: ProductName: Microsoft® Windows® Operating System
5618bc.27d4: ProductVersion: 10.0.15063.726
5718bc.27d4: FileVersion: 10.0.15063.726 (WinBuild.160101.0800)
5818bc.27d4: FileDescription: Windows NT BASE API Client DLL
5918bc.27d4: \SystemRoot\System32\apisetschema.dll:
6018bc.27d4: CreationTime: 2017-03-18T20:57:35.373527900Z
6118bc.27d4: LastWriteTime: 2017-03-18T20:57:35.373527900Z
6218bc.27d4: ChangeTime: 2018-03-16T17:28:27.889461700Z
6318bc.27d4: FileAttributes: 0x20
6418bc.27d4: Size: 0x1ada0
6518bc.27d4: NT Headers: 0xc0
6618bc.27d4: Timestamp: 0x76544b2
6718bc.27d4: Machine: 0x8664 - amd64
6818bc.27d4: Timestamp: 0x76544b2
6918bc.27d4: Image Version: 10.0
7018bc.27d4: SizeOfImage: 0x1b000 (110592)
7118bc.27d4: Resource Dir: 0x1a000 LB 0x408
7218bc.27d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7318bc.27d4: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
7418bc.27d4: ProductName: Microsoft® Windows® Operating System
7518bc.27d4: ProductVersion: 10.0.15063.0
7618bc.27d4: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
7718bc.27d4: FileDescription: ApiSet Schema DLL
7818bc.27d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7918bc.27d4: supR3HardenedWinFindAdversaries: 0x3
8018bc.27d4: \SystemRoot\System32\drivers\SysPlant.sys:
8118bc.27d4: CreationTime: 2018-01-25T09:19:43.728868200Z
8218bc.27d4: LastWriteTime: 2018-01-25T09:19:43.744456000Z
8318bc.27d4: ChangeTime: 2018-03-20T08:55:47.455830300Z
8418bc.27d4: FileAttributes: 0x20
8518bc.27d4: Size: 0x30568
8618bc.27d4: NT Headers: 0xf0
8718bc.27d4: Timestamp: 0x59c4c3f0
8818bc.27d4: Machine: 0x8664 - amd64
8918bc.27d4: Timestamp: 0x59c4c3f0
9018bc.27d4: Image Version: 5.0
9118bc.27d4: SizeOfImage: 0x31000 (200704)
9218bc.27d4: Resource Dir: 0x2f000 LB 0x49c
9318bc.27d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
9418bc.27d4: [Raw version resource data: 0x2f0b8 LB 0x3e4, codepage 0x4e4 (reserved 0x0)]
9518bc.27d4: ProductName: Symantec CMC Firewall
9618bc.27d4: ProductVersion: 14.0.3688.1000
9718bc.27d4: FileVersion: 14.0.3688.1000
9818bc.27d4: FileDescription: Symantec CMC Firewall SysPlant
9918bc.27d4: \SystemRoot\System32\sysfer.dll:
10018bc.27d4: CreationTime: 2018-01-25T09:19:43.728868200Z
10118bc.27d4: LastWriteTime: 2018-01-25T09:19:43.728868200Z
10218bc.27d4: ChangeTime: 2018-03-16T08:51:00.071331500Z
10318bc.27d4: FileAttributes: 0x20
10418bc.27d4: Size: 0x7bce8
10518bc.27d4: NT Headers: 0xf8
10618bc.27d4: Timestamp: 0x59c4c3fe
10718bc.27d4: Machine: 0x8664 - amd64
10818bc.27d4: Timestamp: 0x59c4c3fe
10918bc.27d4: Image Version: 0.0
11018bc.27d4: SizeOfImage: 0x92000 (598016)
11118bc.27d4: Resource Dir: 0x8e000 LB 0x490
11218bc.27d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
11318bc.27d4: [Raw version resource data: 0x8e0b8 LB 0x3d8, codepage 0x4e4 (reserved 0x0)]
11418bc.27d4: ProductName: Symantec CMC Firewall
11518bc.27d4: ProductVersion: 14.0.3688.1000
11618bc.27d4: FileVersion: 14.0.3688.1000
11718bc.27d4: FileDescription: Symantec CMC Firewall sysfer
11818bc.27d4: \SystemRoot\System32\drivers\symevent64x86.sys:
11918bc.27d4: CreationTime: 2018-01-25T09:19:54.777734500Z
12018bc.27d4: LastWriteTime: 2018-03-20T08:56:00.025251300Z
12118bc.27d4: ChangeTime: 2018-03-22T07:56:11.314071200Z
12218bc.27d4: FileAttributes: 0x20
12318bc.27d4: Size: 0x190d0
12418bc.27d4: NT Headers: 0xe0
12518bc.27d4: Timestamp: 0x584f629e
12618bc.27d4: Machine: 0x8664 - amd64
12718bc.27d4: Timestamp: 0x584f629e
12818bc.27d4: Image Version: 6.2
12918bc.27d4: SizeOfImage: 0x23000 (143360)
13018bc.27d4: Resource Dir: 0x21000 LB 0x3c8
13118bc.27d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
13218bc.27d4: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
13318bc.27d4: ProductName: SYMEVENT
13418bc.27d4: ProductVersion: 14.0.4.16
13518bc.27d4: FileVersion: 14.0.4.16
13618bc.27d4: FileDescription: Symantec Event Library
13718bc.27d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
13818bc.27d4: Calling main()
13918bc.27d4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
14018bc.27d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
14118bc.27d4: SUPR3HardenedMain: Respawn #1
14218bc.27d4: System32: \Device\HarddiskVolume2\Windows\System32
14318bc.27d4: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
14418bc.27d4: KnownDllPath: C:\WINDOWS\System32
14518bc.27d4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
14618bc.27d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
14718bc.27d4: supR3HardNtEnableThreadCreation:
14818bc.27d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffac6389ac0 pvNtTerminateThread=00007ffac63b5df0
14918bc.27d4: supR3HardenedWinDoReSpawn(1): New child 9d8.9c8 [kernel32].
15018bc.27d4: supR3HardNtChildGatherData: PebBaseAddress=000000000024b000 cbPeb=0x388
15118bc.27d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffac6310000 uNtDllChildAddr=00007ffac6310000
15218bc.27d4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffac6389ac0
15318bc.27d4: supR3HardenedWinSetupChildInit: Start child.
15418bc.27d4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
15518bc.27d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 517 ms, 55 sleeps
15618bc.27d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
15718bc.27d4: *0000000000000000-000000000001ffff 0x0001/0x0000 0x0000000
15818bc.27d4: *0000000000020000-000000000003ffff 0x0004/0x0004 0x0020000
15918bc.27d4: *0000000000040000-0000000000057fff 0x0002/0x0002 0x0040000
16018bc.27d4: 0000000000058000-000000000005ffff 0x0001/0x0000 0x0000000
16118bc.27d4: *0000000000060000-000000000015afff 0x0000/0x0004 0x0020000
16218bc.27d4: 000000000015b000-000000000015dfff 0x0104/0x0004 0x0020000
16318bc.27d4: 000000000015e000-000000000015ffff 0x0004/0x0004 0x0020000
16418bc.27d4: *0000000000160000-0000000000163fff 0x0002/0x0002 0x0040000
16518bc.27d4: 0000000000164000-000000000016ffff 0x0001/0x0000 0x0000000
16618bc.27d4: *0000000000170000-0000000000170fff 0x0004/0x0004 0x0020000
16718bc.27d4: 0000000000171000-00000000001fffff 0x0001/0x0000 0x0000000
16818bc.27d4: *0000000000200000-000000000024afff 0x0000/0x0004 0x0020000
16918bc.27d4: 000000000024b000-000000000024dfff 0x0004/0x0004 0x0020000
17018bc.27d4: 000000000024e000-00000000003fffff 0x0000/0x0004 0x0020000
17118bc.27d4: 0000000000400000-000000007ffdffff 0x0001/0x0000 0x0000000
17218bc.27d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
17318bc.27d4: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
17418bc.27d4: 000000007fff0000-00007ff77c6dffff 0x0001/0x0000 0x0000000
17518bc.27d4: *00007ff77c6e0000-00007ff77c702fff 0x0002/0x0002 0x0040000
17618bc.27d4: 00007ff77c703000-00007ff77ca6ffff 0x0001/0x0000 0x0000000
17718bc.27d4: *00007ff77ca70000-00007ff77ca70fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
17818bc.27d4: 00007ff77ca71000-00007ff77cae1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
17918bc.27d4: 00007ff77cae2000-00007ff77cae2fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
18018bc.27d4: 00007ff77cae3000-00007ff77cb28fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
18118bc.27d4: 00007ff77cb29000-00007ff77cb29fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
18218bc.27d4: 00007ff77cb2a000-00007ff77cb2afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
18318bc.27d4: 00007ff77cb2b000-00007ff77cb2ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
18418bc.27d4: 00007ff77cb30000-00007ff77cb30fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
18518bc.27d4: 00007ff77cb31000-00007ff77cb31fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
18618bc.27d4: 00007ff77cb32000-00007ff77cb35fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
18718bc.27d4: 00007ff77cb36000-00007ff77cb7dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
18818bc.27d4: 00007ff77cb7e000-00007ff77cb7ffff 0x0001/0x0000 0x0000000
18918bc.27d4: *00007ff77cb80000-00007ff77cb80fff 0x0004/0x0004 0x0020000
19018bc.27d4: 00007ff77cb81000-00007ffac630ffff 0x0001/0x0000 0x0000000
19118bc.27d4: *00007ffac6310000-00007ffac6310fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
19218bc.27d4: 00007ffac6311000-00007ffac641ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
19318bc.27d4: 00007ffac6420000-00007ffac6464fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
19418bc.27d4: 00007ffac6465000-00007ffac646cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
19518bc.27d4: 00007ffac646d000-00007ffac647afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
19618bc.27d4: 00007ffac647b000-00007ffac647bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
19718bc.27d4: 00007ffac647c000-00007ffac647efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
19818bc.27d4: 00007ffac647f000-00007ffac64eafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
19918bc.27d4: 00007ffac64eb000-00007ffffffdffff 0x0001/0x0000 0x0000000
20018bc.27d4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
20118bc.27d4: VirtualBox.exe: timestamp 0x5a942b95 (rc=VINF_SUCCESS)
20218bc.27d4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
20318bc.27d4: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
20418bc.27d4: 00007ff77ca70162 / 0x0000162: 00 != 11
20518bc.27d4: 00007ff77ca70164 / 0x0000164: 00 != 14
20618bc.27d4: Restored 0x400 bytes of original file content at 00007ff77ca70000
20718bc.27d4: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
20818bc.27d4: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x3
20918bc.27d4: supR3HardNtChildPurify: Startup delay kludge #1/1: 513 ms, 33 sleeps
21018bc.27d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
21118bc.27d4: *0000000000000000-000000000001ffff 0x0001/0x0000 0x0000000
21218bc.27d4: *0000000000020000-000000000003ffff 0x0004/0x0004 0x0020000
21318bc.27d4: *0000000000040000-0000000000057fff 0x0002/0x0002 0x0040000
21418bc.27d4: 0000000000058000-000000000005ffff 0x0001/0x0000 0x0000000
21518bc.27d4: *0000000000060000-000000000015afff 0x0000/0x0004 0x0020000
21618bc.27d4: 000000000015b000-000000000015dfff 0x0104/0x0004 0x0020000
21718bc.27d4: 000000000015e000-000000000015ffff 0x0004/0x0004 0x0020000
21818bc.27d4: *0000000000160000-0000000000163fff 0x0002/0x0002 0x0040000
21918bc.27d4: 0000000000164000-000000000016ffff 0x0001/0x0000 0x0000000
22018bc.27d4: *0000000000170000-0000000000170fff 0x0004/0x0004 0x0020000
22118bc.27d4: 0000000000171000-00000000001fffff 0x0001/0x0000 0x0000000
22218bc.27d4: *0000000000200000-000000000024afff 0x0000/0x0004 0x0020000
22318bc.27d4: 000000000024b000-000000000024dfff 0x0004/0x0004 0x0020000
22418bc.27d4: 000000000024e000-00000000003fffff 0x0000/0x0004 0x0020000
22518bc.27d4: 0000000000400000-000000007ffdffff 0x0001/0x0000 0x0000000
22618bc.27d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
22718bc.27d4: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
22818bc.27d4: 000000007fff0000-00007ff77c6dffff 0x0001/0x0000 0x0000000
22918bc.27d4: *00007ff77c6e0000-00007ff77c702fff 0x0002/0x0002 0x0040000
23018bc.27d4: 00007ff77c703000-00007ff77ca6ffff 0x0001/0x0000 0x0000000
23118bc.27d4: *00007ff77ca70000-00007ff77ca70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23218bc.27d4: 00007ff77ca71000-00007ff77cae1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23318bc.27d4: 00007ff77cae2000-00007ff77cae2fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23418bc.27d4: 00007ff77cae3000-00007ff77cb28fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23518bc.27d4: 00007ff77cb29000-00007ff77cb35fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23618bc.27d4: 00007ff77cb36000-00007ff77cb7dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
23718bc.27d4: 00007ff77cb7e000-00007ff77cb7ffff 0x0001/0x0000 0x0000000
23818bc.27d4: *00007ff77cb80000-00007ff77cb80fff 0x0004/0x0004 0x0020000
23918bc.27d4: 00007ff77cb81000-00007ffac630ffff 0x0001/0x0000 0x0000000
24018bc.27d4: *00007ffac6310000-00007ffac6310fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
24118bc.27d4: 00007ffac6311000-00007ffac641ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
24218bc.27d4: 00007ffac6420000-00007ffac6464fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
24318bc.27d4: 00007ffac6465000-00007ffac6468fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
24418bc.27d4: 00007ffac6469000-00007ffac646cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
24518bc.27d4: 00007ffac646d000-00007ffac647afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
24618bc.27d4: 00007ffac647b000-00007ffac647bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
24718bc.27d4: 00007ffac647c000-00007ffac647efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
24818bc.27d4: 00007ffac647f000-00007ffac64eafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
24918bc.27d4: 00007ffac64eb000-00007ffffffdffff 0x0001/0x0000 0x0000000
25018bc.27d4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
25118bc.27d4: supR3HardNtChildPurify: Done after 1058 ms and 1 fixes (loop #1).
25218bc.27d4: supR3HardNtEnableThreadCreation:
2539d8.9c8: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
2549d8.9c8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffac6310000 g_uNtVerCombined=0xa03ad700
2559d8.9c8: ntdll.dll: timestamp 0x8274fd8b (rc=VINF_SUCCESS)
2569d8.9c8: New simple heap: #1 0000000000500000 LB 0x400000 (for 1945600 allocation)
2579d8.9c8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2589d8.9c8: System32: \Device\HarddiskVolume2\Windows\System32
2599d8.9c8: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
2609d8.9c8: KnownDllPath: C:\WINDOWS\System32
2619d8.9c8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2629d8.9c8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2639d8.9c8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2649d8.9c8: Registered Dll notification callback with NTDLL.
2659d8.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
2669d8.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2679d8.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
2689d8.9c8: supR3HardenedDllNotificationCallback: load 00007ffac2810000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
2699d8.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
2709d8.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2719d8.9c8: supR3HardenedDllNotificationCallback: load 00007ffac3a70000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
2729d8.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2739d8.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac3a70000 'C:\WINDOWS\System32\KERNEL32.DLL'
2749d8.9c8: supR3HardenedDllNotificationCallback: load 00007ff77ca70000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
2759d8.9c8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2769d8.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2779d8.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2789d8.9c8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffac6389ac0 pvNtTerminateThread=00007ffac63b5df0
27918bc.27d4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 78 ms.
2809d8.9c8: \SystemRoot\System32\ntdll.dll:
2819d8.9c8: CreationTime: 2018-03-17T14:17:34.035666700Z
2829d8.9c8: LastWriteTime: 2017-09-05T05:26:19.169608500Z
2839d8.9c8: ChangeTime: 2018-03-17T14:26:51.160901600Z
2849d8.9c8: FileAttributes: 0x20
2859d8.9c8: Size: 0x1d7658
2869d8.9c8: NT Headers: 0xe0
2879d8.9c8: Timestamp: 0x8274fd8b
2889d8.9c8: Machine: 0x8664 - amd64
2899d8.9c8: Timestamp: 0x8274fd8b
2909d8.9c8: Image Version: 10.0
2919d8.9c8: SizeOfImage: 0x1db000 (1945600)
2929d8.9c8: Resource Dir: 0x170000 LB 0x69448
2939d8.9c8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2949d8.9c8: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
2959d8.9c8: ProductName: Microsoft® Windows® Operating System
2969d8.9c8: ProductVersion: 10.0.15063.608
2979d8.9c8: FileVersion: 10.0.15063.608 (WinBuild.160101.0800)
2989d8.9c8: FileDescription: NT Layer DLL
2999d8.9c8: \SystemRoot\System32\kernel32.dll:
3009d8.9c8: CreationTime: 2017-07-11T05:40:08.546207000Z
3019d8.9c8: LastWriteTime: 2017-07-11T05:40:08.546207000Z
3029d8.9c8: ChangeTime: 2018-03-17T14:23:35.557108600Z
3039d8.9c8: FileAttributes: 0x20
3049d8.9c8: Size: 0xad068
3059d8.9c8: NT Headers: 0xf8
3069d8.9c8: Timestamp: 0xf5fa43df
3079d8.9c8: Machine: 0x8664 - amd64
3089d8.9c8: Timestamp: 0xf5fa43df
3099d8.9c8: Image Version: 10.0
3109d8.9c8: SizeOfImage: 0xae000 (712704)
3119d8.9c8: Resource Dir: 0xac000 LB 0x520
3129d8.9c8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3139d8.9c8: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3149d8.9c8: ProductName: Microsoft® Windows® Operating System
3159d8.9c8: ProductVersion: 10.0.15063.296
3169d8.9c8: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
3179d8.9c8: FileDescription: Windows NT BASE API Client DLL
3189d8.9c8: \SystemRoot\System32\KernelBase.dll:
3199d8.9c8: CreationTime: 2018-03-17T14:17:20.455614500Z
3209d8.9c8: LastWriteTime: 2017-11-02T05:16:53.631004400Z
3219d8.9c8: ChangeTime: 2018-03-17T14:26:50.410930300Z
3229d8.9c8: FileAttributes: 0x20
3239d8.9c8: Size: 0x2499e8
3249d8.9c8: NT Headers: 0x100
3259d8.9c8: Timestamp: 0x1a9bbe0b
3269d8.9c8: Machine: 0x8664 - amd64
3279d8.9c8: Timestamp: 0x1a9bbe0b
3289d8.9c8: Image Version: 10.0
3299d8.9c8: SizeOfImage: 0x249000 (2396160)
3309d8.9c8: Resource Dir: 0x22a000 LB 0x548
3319d8.9c8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3329d8.9c8: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
3339d8.9c8: ProductName: Microsoft® Windows® Operating System
3349d8.9c8: ProductVersion: 10.0.15063.726
3359d8.9c8: FileVersion: 10.0.15063.726 (WinBuild.160101.0800)
3369d8.9c8: FileDescription: Windows NT BASE API Client DLL
3379d8.9c8: \SystemRoot\System32\apisetschema.dll:
3389d8.9c8: CreationTime: 2017-03-18T20:57:35.373527900Z
3399d8.9c8: LastWriteTime: 2017-03-18T20:57:35.373527900Z
3409d8.9c8: ChangeTime: 2018-03-16T17:28:27.889461700Z
3419d8.9c8: FileAttributes: 0x20
3429d8.9c8: Size: 0x1ada0
3439d8.9c8: NT Headers: 0xc0
3449d8.9c8: Timestamp: 0x76544b2
3459d8.9c8: Machine: 0x8664 - amd64
3469d8.9c8: Timestamp: 0x76544b2
3479d8.9c8: Image Version: 10.0
3489d8.9c8: SizeOfImage: 0x1b000 (110592)
3499d8.9c8: Resource Dir: 0x1a000 LB 0x408
3509d8.9c8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3519d8.9c8: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
3529d8.9c8: ProductName: Microsoft® Windows® Operating System
3539d8.9c8: ProductVersion: 10.0.15063.0
3549d8.9c8: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
3559d8.9c8: FileDescription: ApiSet Schema DLL
3569d8.9c8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3579d8.9c8: supR3HardenedWinFindAdversaries: 0x3
3589d8.9c8: \SystemRoot\System32\drivers\SysPlant.sys:
3599d8.9c8: CreationTime: 2018-01-25T09:19:43.728868200Z
3609d8.9c8: LastWriteTime: 2018-01-25T09:19:43.744456000Z
3619d8.9c8: ChangeTime: 2018-03-20T08:55:47.455830300Z
3629d8.9c8: FileAttributes: 0x20
3639d8.9c8: Size: 0x30568
3649d8.9c8: NT Headers: 0xf0
3659d8.9c8: Timestamp: 0x59c4c3f0
3669d8.9c8: Machine: 0x8664 - amd64
3679d8.9c8: Timestamp: 0x59c4c3f0
3689d8.9c8: Image Version: 5.0
3699d8.9c8: SizeOfImage: 0x31000 (200704)
3709d8.9c8: Resource Dir: 0x2f000 LB 0x49c
3719d8.9c8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3729d8.9c8: [Raw version resource data: 0x2f0b8 LB 0x3e4, codepage 0x4e4 (reserved 0x0)]
3739d8.9c8: ProductName: Symantec CMC Firewall
3749d8.9c8: ProductVersion: 14.0.3688.1000
3759d8.9c8: FileVersion: 14.0.3688.1000
3769d8.9c8: FileDescription: Symantec CMC Firewall SysPlant
3779d8.9c8: \SystemRoot\System32\sysfer.dll:
3789d8.9c8: CreationTime: 2018-01-25T09:19:43.728868200Z
3799d8.9c8: LastWriteTime: 2018-01-25T09:19:43.728868200Z
3809d8.9c8: ChangeTime: 2018-03-16T08:51:00.071331500Z
3819d8.9c8: FileAttributes: 0x20
3829d8.9c8: Size: 0x7bce8
3839d8.9c8: NT Headers: 0xf8
3849d8.9c8: Timestamp: 0x59c4c3fe
3859d8.9c8: Machine: 0x8664 - amd64
3869d8.9c8: Timestamp: 0x59c4c3fe
3879d8.9c8: Image Version: 0.0
3889d8.9c8: SizeOfImage: 0x92000 (598016)
3899d8.9c8: Resource Dir: 0x8e000 LB 0x490
3909d8.9c8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3919d8.9c8: [Raw version resource data: 0x8e0b8 LB 0x3d8, codepage 0x4e4 (reserved 0x0)]
3929d8.9c8: ProductName: Symantec CMC Firewall
3939d8.9c8: ProductVersion: 14.0.3688.1000
3949d8.9c8: FileVersion: 14.0.3688.1000
3959d8.9c8: FileDescription: Symantec CMC Firewall sysfer
3969d8.9c8: \SystemRoot\System32\drivers\symevent64x86.sys:
3979d8.9c8: CreationTime: 2018-01-25T09:19:54.777734500Z
3989d8.9c8: LastWriteTime: 2018-03-20T08:56:00.025251300Z
3999d8.9c8: ChangeTime: 2018-03-22T07:56:11.314071200Z
4009d8.9c8: FileAttributes: 0x20
4019d8.9c8: Size: 0x190d0
4029d8.9c8: NT Headers: 0xe0
4039d8.9c8: Timestamp: 0x584f629e
4049d8.9c8: Machine: 0x8664 - amd64
4059d8.9c8: Timestamp: 0x584f629e
4069d8.9c8: Image Version: 6.2
4079d8.9c8: SizeOfImage: 0x23000 (143360)
4089d8.9c8: Resource Dir: 0x21000 LB 0x3c8
4099d8.9c8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4109d8.9c8: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
4119d8.9c8: ProductName: SYMEVENT
4129d8.9c8: ProductVersion: 14.0.4.16
4139d8.9c8: FileVersion: 14.0.4.16
4149d8.9c8: FileDescription: Symantec Event Library
4159d8.9c8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4169d8.9c8: Calling main()
4179d8.9c8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4189d8.9c8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4199d8.9c8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4209d8.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4219d8.9c8: SUPR3HardenedMain: Respawn #2
4229d8.9c8: supR3HardNtEnableThreadCreation:
4239d8.9c8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
4249d8.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
4259d8.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4269d8.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4279d8.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac6310000 'C:\WINDOWS\System32\ntdll.dll'
4289d8.9c8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffac6389ac0 pvNtTerminateThread=00007ffac63b5df0
4299d8.9c8: supR3HardenedWinDoReSpawn(2): New child 874.850 [kernel32].
4309d8.9c8: supR3HardNtChildGatherData: PebBaseAddress=000000000043f000 cbPeb=0x388
4319d8.9c8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffac6310000 uNtDllChildAddr=00007ffac6310000
4329d8.9c8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffac6389ac0
4339d8.9c8: supR3HardenedWinSetupChildInit: Start child.
4349d8.9c8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
4359d8.9c8: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 33 sleeps
4369d8.9c8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
4379d8.9c8: *0000000000000000-00000000003dffff 0x0001/0x0000 0x0000000
4389d8.9c8: *00000000003e0000-00000000003fffff 0x0004/0x0004 0x0020000
4399d8.9c8: *0000000000400000-000000000043efff 0x0000/0x0004 0x0020000
4409d8.9c8: 000000000043f000-0000000000441fff 0x0004/0x0004 0x0020000
4419d8.9c8: 0000000000442000-00000000005fffff 0x0000/0x0004 0x0020000
4429d8.9c8: *0000000000600000-0000000000617fff 0x0002/0x0002 0x0040000
4439d8.9c8: 0000000000618000-000000000061ffff 0x0001/0x0000 0x0000000
4449d8.9c8: *0000000000620000-000000000071afff 0x0000/0x0004 0x0020000
4459d8.9c8: 000000000071b000-000000000071dfff 0x0104/0x0004 0x0020000
4469d8.9c8: 000000000071e000-000000000071ffff 0x0004/0x0004 0x0020000
4479d8.9c8: *0000000000720000-0000000000723fff 0x0002/0x0002 0x0040000
4489d8.9c8: 0000000000724000-000000000072ffff 0x0001/0x0000 0x0000000
4499d8.9c8: *0000000000730000-0000000000730fff 0x0004/0x0004 0x0020000
4509d8.9c8: 0000000000731000-000000007ffdffff 0x0001/0x0000 0x0000000
4519d8.9c8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
4529d8.9c8: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
4539d8.9c8: 000000007fff0000-00007ff77c4cffff 0x0001/0x0000 0x0000000
4549d8.9c8: *00007ff77c4d0000-00007ff77c4f2fff 0x0002/0x0002 0x0040000
4559d8.9c8: 00007ff77c4f3000-00007ff77ca6ffff 0x0001/0x0000 0x0000000
4569d8.9c8: *00007ff77ca70000-00007ff77ca70fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4579d8.9c8: 00007ff77ca71000-00007ff77cae1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4589d8.9c8: 00007ff77cae2000-00007ff77cae2fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4599d8.9c8: 00007ff77cae3000-00007ff77cb28fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4609d8.9c8: 00007ff77cb29000-00007ff77cb29fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4619d8.9c8: 00007ff77cb2a000-00007ff77cb2afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4629d8.9c8: 00007ff77cb2b000-00007ff77cb2ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4639d8.9c8: 00007ff77cb30000-00007ff77cb30fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4649d8.9c8: 00007ff77cb31000-00007ff77cb31fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4659d8.9c8: 00007ff77cb32000-00007ff77cb35fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4669d8.9c8: 00007ff77cb36000-00007ff77cb7dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4679d8.9c8: 00007ff77cb7e000-00007ff77cb7ffff 0x0001/0x0000 0x0000000
4689d8.9c8: *00007ff77cb80000-00007ff77cb80fff 0x0004/0x0004 0x0020000
4699d8.9c8: 00007ff77cb81000-00007ffac630ffff 0x0001/0x0000 0x0000000
4709d8.9c8: *00007ffac6310000-00007ffac6310fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4719d8.9c8: 00007ffac6311000-00007ffac641ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4729d8.9c8: 00007ffac6420000-00007ffac6464fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4739d8.9c8: 00007ffac6465000-00007ffac646cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4749d8.9c8: 00007ffac646d000-00007ffac647afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4759d8.9c8: 00007ffac647b000-00007ffac647bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4769d8.9c8: 00007ffac647c000-00007ffac647efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4779d8.9c8: 00007ffac647f000-00007ffac64eafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4789d8.9c8: 00007ffac64eb000-00007ffffffdffff 0x0001/0x0000 0x0000000
4799d8.9c8: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
4809d8.9c8: VirtualBox.exe: timestamp 0x5a942b95 (rc=VINF_SUCCESS)
4819d8.9c8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4829d8.9c8: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
4839d8.9c8: 00007ff77ca70162 / 0x0000162: 00 != 11
4849d8.9c8: 00007ff77ca70164 / 0x0000164: 00 != 14
4859d8.9c8: Restored 0x400 bytes of original file content at 00007ff77ca70000
4869d8.9c8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
4879d8.9c8: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x3
4889d8.9c8: supR3HardNtChildPurify: Startup delay kludge #1/1: 516 ms, 32 sleeps
4899d8.9c8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
4909d8.9c8: *0000000000000000-00000000003dffff 0x0001/0x0000 0x0000000
4919d8.9c8: *00000000003e0000-00000000003fffff 0x0004/0x0004 0x0020000
4929d8.9c8: *0000000000400000-000000000043efff 0x0000/0x0004 0x0020000
4939d8.9c8: 000000000043f000-0000000000441fff 0x0004/0x0004 0x0020000
4949d8.9c8: 0000000000442000-00000000005fffff 0x0000/0x0004 0x0020000
4959d8.9c8: *0000000000600000-0000000000617fff 0x0002/0x0002 0x0040000
4969d8.9c8: 0000000000618000-000000000061ffff 0x0001/0x0000 0x0000000
4979d8.9c8: *0000000000620000-000000000071afff 0x0000/0x0004 0x0020000
4989d8.9c8: 000000000071b000-000000000071dfff 0x0104/0x0004 0x0020000
4999d8.9c8: 000000000071e000-000000000071ffff 0x0004/0x0004 0x0020000
5009d8.9c8: *0000000000720000-0000000000723fff 0x0002/0x0002 0x0040000
5019d8.9c8: 0000000000724000-000000000072ffff 0x0001/0x0000 0x0000000
5029d8.9c8: *0000000000730000-0000000000730fff 0x0004/0x0004 0x0020000
5039d8.9c8: 0000000000731000-000000007ffdffff 0x0001/0x0000 0x0000000
5049d8.9c8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
5059d8.9c8: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
5069d8.9c8: 000000007fff0000-00007ff77c4cffff 0x0001/0x0000 0x0000000
5079d8.9c8: *00007ff77c4d0000-00007ff77c4f2fff 0x0002/0x0002 0x0040000
5089d8.9c8: 00007ff77c4f3000-00007ff77ca6ffff 0x0001/0x0000 0x0000000
5099d8.9c8: *00007ff77ca70000-00007ff77ca70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5109d8.9c8: 00007ff77ca71000-00007ff77cae1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5119d8.9c8: 00007ff77cae2000-00007ff77cae2fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5129d8.9c8: 00007ff77cae3000-00007ff77cb28fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5139d8.9c8: 00007ff77cb29000-00007ff77cb35fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5149d8.9c8: 00007ff77cb36000-00007ff77cb7dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5159d8.9c8: 00007ff77cb7e000-00007ff77cb7ffff 0x0001/0x0000 0x0000000
5169d8.9c8: *00007ff77cb80000-00007ff77cb80fff 0x0004/0x0004 0x0020000
5179d8.9c8: 00007ff77cb81000-00007ffac630ffff 0x0001/0x0000 0x0000000
5189d8.9c8: *00007ffac6310000-00007ffac6310fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5199d8.9c8: 00007ffac6311000-00007ffac641ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5209d8.9c8: 00007ffac6420000-00007ffac6464fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5219d8.9c8: 00007ffac6465000-00007ffac6468fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5229d8.9c8: 00007ffac6469000-00007ffac646cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5239d8.9c8: 00007ffac646d000-00007ffac647afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5249d8.9c8: 00007ffac647b000-00007ffac647bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5259d8.9c8: 00007ffac647c000-00007ffac647efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5269d8.9c8: 00007ffac647f000-00007ffac64eafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5279d8.9c8: 00007ffac64eb000-00007ffffffdffff 0x0001/0x0000 0x0000000
5289d8.9c8: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
5299d8.9c8: supR3HardNtChildPurify: Done after 1047 ms and 1 fixes (loop #1).
5309d8.9c8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000500000 LB 0x400000)
5319d8.9c8: supR3HardNtEnableThreadCreation:
532874.850: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
533874.850: supR3HardenedVmProcessInit: uNtDllAddr=00007ffac6310000 g_uNtVerCombined=0xa03ad700
534874.850: ntdll.dll: timestamp 0x8274fd8b (rc=VINF_SUCCESS)
535874.850: New simple heap: #1 0000000000840000 LB 0x400000 (for 1945600 allocation)
536874.850: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
537874.850: System32: \Device\HarddiskVolume2\Windows\System32
538874.850: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
539874.850: KnownDllPath: C:\WINDOWS\System32
540874.850: supR3HardenedVmProcessInit: Opening vboxdrv...
541874.850: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
542874.850: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
543874.850: Registered Dll notification callback with NTDLL.
544874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
545874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
546874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
547874.850: supR3HardenedDllNotificationCallback: load 00007ffac2810000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
548874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
549874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
550874.850: supR3HardenedDllNotificationCallback: load 00007ffac3a70000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
551874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
552874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac3a70000 'C:\WINDOWS\System32\KERNEL32.DLL'
553874.850: supR3HardenedDllNotificationCallback: load 00007ff77ca70000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
554874.850: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
555874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
556874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
557874.850: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffac6389ac0 pvNtTerminateThread=00007ffac63b5df0
5589d8.9c8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 78 ms.
559874.850: \SystemRoot\System32\ntdll.dll:
560874.850: CreationTime: 2018-03-17T14:17:34.035666700Z
561874.850: LastWriteTime: 2017-09-05T05:26:19.169608500Z
562874.850: ChangeTime: 2018-03-17T14:26:51.160901600Z
563874.850: FileAttributes: 0x20
564874.850: Size: 0x1d7658
565874.850: NT Headers: 0xe0
566874.850: Timestamp: 0x8274fd8b
567874.850: Machine: 0x8664 - amd64
568874.850: Timestamp: 0x8274fd8b
569874.850: Image Version: 10.0
570874.850: SizeOfImage: 0x1db000 (1945600)
571874.850: Resource Dir: 0x170000 LB 0x69448
572874.850: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
573874.850: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
574874.850: ProductName: Microsoft® Windows® Operating System
575874.850: ProductVersion: 10.0.15063.608
576874.850: FileVersion: 10.0.15063.608 (WinBuild.160101.0800)
577874.850: FileDescription: NT Layer DLL
578874.850: \SystemRoot\System32\kernel32.dll:
579874.850: CreationTime: 2017-07-11T05:40:08.546207000Z
580874.850: LastWriteTime: 2017-07-11T05:40:08.546207000Z
581874.850: ChangeTime: 2018-03-17T14:23:35.557108600Z
582874.850: FileAttributes: 0x20
583874.850: Size: 0xad068
584874.850: NT Headers: 0xf8
585874.850: Timestamp: 0xf5fa43df
586874.850: Machine: 0x8664 - amd64
587874.850: Timestamp: 0xf5fa43df
588874.850: Image Version: 10.0
589874.850: SizeOfImage: 0xae000 (712704)
590874.850: Resource Dir: 0xac000 LB 0x520
591874.850: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
592874.850: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
593874.850: ProductName: Microsoft® Windows® Operating System
594874.850: ProductVersion: 10.0.15063.296
595874.850: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
596874.850: FileDescription: Windows NT BASE API Client DLL
597874.850: \SystemRoot\System32\KernelBase.dll:
598874.850: CreationTime: 2018-03-17T14:17:20.455614500Z
599874.850: LastWriteTime: 2017-11-02T05:16:53.631004400Z
600874.850: ChangeTime: 2018-03-17T14:26:50.410930300Z
601874.850: FileAttributes: 0x20
602874.850: Size: 0x2499e8
603874.850: NT Headers: 0x100
604874.850: Timestamp: 0x1a9bbe0b
605874.850: Machine: 0x8664 - amd64
606874.850: Timestamp: 0x1a9bbe0b
607874.850: Image Version: 10.0
608874.850: SizeOfImage: 0x249000 (2396160)
609874.850: Resource Dir: 0x22a000 LB 0x548
610874.850: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
611874.850: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
612874.850: ProductName: Microsoft® Windows® Operating System
613874.850: ProductVersion: 10.0.15063.726
614874.850: FileVersion: 10.0.15063.726 (WinBuild.160101.0800)
615874.850: FileDescription: Windows NT BASE API Client DLL
616874.850: \SystemRoot\System32\apisetschema.dll:
617874.850: CreationTime: 2017-03-18T20:57:35.373527900Z
618874.850: LastWriteTime: 2017-03-18T20:57:35.373527900Z
619874.850: ChangeTime: 2018-03-16T17:28:27.889461700Z
620874.850: FileAttributes: 0x20
621874.850: Size: 0x1ada0
622874.850: NT Headers: 0xc0
623874.850: Timestamp: 0x76544b2
624874.850: Machine: 0x8664 - amd64
625874.850: Timestamp: 0x76544b2
626874.850: Image Version: 10.0
627874.850: SizeOfImage: 0x1b000 (110592)
628874.850: Resource Dir: 0x1a000 LB 0x408
629874.850: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
630874.850: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
631874.850: ProductName: Microsoft® Windows® Operating System
632874.850: ProductVersion: 10.0.15063.0
633874.850: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
634874.850: FileDescription: ApiSet Schema DLL
635874.850: NtOpenDirectoryObject failed on \Driver: 0xc0000022
636874.850: supR3HardenedWinFindAdversaries: 0x3
637874.850: \SystemRoot\System32\drivers\SysPlant.sys:
638874.850: CreationTime: 2018-01-25T09:19:43.728868200Z
639874.850: LastWriteTime: 2018-01-25T09:19:43.744456000Z
640874.850: ChangeTime: 2018-03-20T08:55:47.455830300Z
641874.850: FileAttributes: 0x20
642874.850: Size: 0x30568
643874.850: NT Headers: 0xf0
644874.850: Timestamp: 0x59c4c3f0
645874.850: Machine: 0x8664 - amd64
646874.850: Timestamp: 0x59c4c3f0
647874.850: Image Version: 5.0
648874.850: SizeOfImage: 0x31000 (200704)
649874.850: Resource Dir: 0x2f000 LB 0x49c
650874.850: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
651874.850: [Raw version resource data: 0x2f0b8 LB 0x3e4, codepage 0x4e4 (reserved 0x0)]
652874.850: ProductName: Symantec CMC Firewall
653874.850: ProductVersion: 14.0.3688.1000
654874.850: FileVersion: 14.0.3688.1000
655874.850: FileDescription: Symantec CMC Firewall SysPlant
656874.850: \SystemRoot\System32\sysfer.dll:
657874.850: CreationTime: 2018-01-25T09:19:43.728868200Z
658874.850: LastWriteTime: 2018-01-25T09:19:43.728868200Z
659874.850: ChangeTime: 2018-03-16T08:51:00.071331500Z
660874.850: FileAttributes: 0x20
661874.850: Size: 0x7bce8
662874.850: NT Headers: 0xf8
663874.850: Timestamp: 0x59c4c3fe
664874.850: Machine: 0x8664 - amd64
665874.850: Timestamp: 0x59c4c3fe
666874.850: Image Version: 0.0
667874.850: SizeOfImage: 0x92000 (598016)
668874.850: Resource Dir: 0x8e000 LB 0x490
669874.850: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
670874.850: [Raw version resource data: 0x8e0b8 LB 0x3d8, codepage 0x4e4 (reserved 0x0)]
671874.850: ProductName: Symantec CMC Firewall
672874.850: ProductVersion: 14.0.3688.1000
673874.850: FileVersion: 14.0.3688.1000
674874.850: FileDescription: Symantec CMC Firewall sysfer
675874.850: \SystemRoot\System32\drivers\symevent64x86.sys:
676874.850: CreationTime: 2018-01-25T09:19:54.777734500Z
677874.850: LastWriteTime: 2018-03-20T08:56:00.025251300Z
678874.850: ChangeTime: 2018-03-22T07:56:11.314071200Z
679874.850: FileAttributes: 0x20
680874.850: Size: 0x190d0
681874.850: NT Headers: 0xe0
682874.850: Timestamp: 0x584f629e
683874.850: Machine: 0x8664 - amd64
684874.850: Timestamp: 0x584f629e
685874.850: Image Version: 6.2
686874.850: SizeOfImage: 0x23000 (143360)
687874.850: Resource Dir: 0x21000 LB 0x3c8
688874.850: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
689874.850: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
690874.850: ProductName: SYMEVENT
691874.850: ProductVersion: 14.0.4.16
692874.850: FileVersion: 14.0.4.16
693874.850: FileDescription: Symantec Event Library
694874.850: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
695874.850: Calling main()
696874.850: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
697874.850: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
698874.850: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
699874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
700874.850: SUPR3HardenedMain: Final process, opening VBoxDrv...
701874.850: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000840000 LB 0x400000)
702874.850: supR3HardNtEnableThreadCreation:
703874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
704874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
705874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
706874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
707874.850: supR3HardenedDllNotificationCallback: load 00007ffab9900000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
708874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
709874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
710874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
711874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab9900000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
712874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
713874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
714874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab9900000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
715874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab9900000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
716874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
717874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
718874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
719874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
720874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
721874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
722874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
723874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
724874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
725874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
726874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
727874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
728874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'.
729874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
730874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
731874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
732874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
733874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
734874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
735874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
736874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
737874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
738874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
739874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
740874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
741874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
742874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
743874.850: supR3HardenedDllNotificationCallback: load 00007ffac44d0000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
744874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
745874.850: supR3HardenedDllNotificationCallback: load 00007ffac2760000 LB 0x00011000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
746874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
747874.850: supR3HardenedDllNotificationCallback: load 00007ffac3690000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
748874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
749874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
750874.850: supR3HardenedDllNotificationCallback: load 00007ffac2ab0000 LB 0x001c9000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
751874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
752874.850: supR3HardenedDllNotificationCallback: load 00007ffac5bb0000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
753874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
754874.850: supR3HardenedDllNotificationCallback: load 00007ffac6200000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
755874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
756874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
757874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
758874.850: supR3HardenedDllNotificationCallback: load 00007ffac6260000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
759874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
760874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
761874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
762874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
763874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
764874.850: supR3HardenedDllNotificationCallback: load 00007ffac2d30000 LB 0x00057000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
765874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
766874.850: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
767874.850: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
768874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2810000 'api-ms-win-core-synch-l1-2-0'
769874.850: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
770874.850: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
771874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2810000 'api-ms-win-core-fibers-l1-1-1'
772874.850: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
773874.850: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
774874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2810000 'api-ms-win-core-fibers-l1-1-1'
775874.850: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
776874.850: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
777874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2810000 'api-ms-win-core-synch-l1-2-0'
778874.850: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
779874.850: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
780874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2810000 'api-ms-win-core-localization-l1-2-1'
781874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2d30000 'C:\WINDOWS\system32\Wintrust.dll'
782874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
783874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
784874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
785874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
786874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
787874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
788874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
789874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
790874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
791874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
792874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
793874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
794874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
795874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
796874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
797874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
798874.850: supR3HardenedDllNotificationCallback: load 00007ffac2320000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
799874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
800874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2320000 'C:\WINDOWS\system32\bcrypt.dll'
801874.850: bcrypt.dll loaded at 00007ffac2320000, BCryptOpenAlgorithmProvider at 00007ffac2324aa0, preloading providers:
802874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
803874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
804874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
805874.850: supR3HardenedDllNotificationCallback: load 00007ffac2d90000 LB 0x0006a000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
806874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
807874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2d90000 'C:\WINDOWS\system32\bcryptprimitives.dll'
808874.850: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000c6b9d0)
809874.850: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000c70db0)
810874.850: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000c71080)
811874.850: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000c71350)
812874.850: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000c71620)
813874.850: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000c718f0)
814874.850: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000c71bc0)
815874.850: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000c71e90)
816874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
817874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
818874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2d30000 'C:\Windows\System32\WINTRUST.DLL'
819874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
820874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
821874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2d30000 'C:\Windows\System32\WINTRUST.DLL'
822874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
823874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
824874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2d30000 'C:\Windows\System32\WINTRUST.DLL'
825874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
826874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
827874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2d30000 'C:\Windows\System32\WINTRUST.DLL'
828874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
829874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
830874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2d30000 'C:\Windows\System32\WINTRUST.DLL'
831874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
832874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
833874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2d30000 'C:\Windows\System32\WINTRUST.DLL'
834874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
835874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
836874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2d30000 'C:\Windows\System32\WINTRUST.DLL'
837874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
838874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
839874.850: supR3HardenedDllNotificationCallback: load 00007ffac2210000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
840874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
841874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
842874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
843874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
844874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
845874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
846874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
847874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
848874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
849874.850: supR3HardenedDllNotificationCallback: load 00007ffac1ca0000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
850874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
851874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
852874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
853874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
854874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
855874.850: supR3HardenedDllNotificationCallback: load 00007ffac2230000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
856874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
857874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
858874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
859874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
860874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
861874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
862874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac3a70000 'C:\WINDOWS\System32\kernel32.dll'
863874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
864874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2d30000 'C:\Windows\System32\WINTRUST.DLL'
865874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
866874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
867874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\CRYPT32.dll'
868874.850: supR3HardenedDllNotificationCallback: load 00007ffac3a40000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
869874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
870874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
871874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
872874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
873874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
874874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
875874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
876874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'crypt32.dll'.
877874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'bcrypt.dll'.
878874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ncrypt.dll'.
879874.850: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ngcrecovery.dll)
880874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ngcrecovery.dll
881874.850: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000001f4 (hFile=00000000000001e8) with 0xc0000022 -> STATUS_TRUST_FAILURE
882874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
883874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
884874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
885874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
886874.850: supR3HardenedDllNotificationCallback: load 00007ffac15c0000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
887874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
888874.850: supR3HardenedDllNotificationCallback: load 00007ffac27f0000 LB 0x00015000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
889874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
890874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
891874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
892874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
893874.850: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
894874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
895874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
896874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
897874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
898874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
899874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
900874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
901874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
902874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
903874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
904874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
905874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
906874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
907874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ncrypt.dll'...
908874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'ncrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll' [rcNtRedir=0xc0150008]
909874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
910874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ntasn1.dll'.
911874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
912874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
913874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
914874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
915874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
916874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
917874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
918874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
919874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
920874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
921874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
922874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
923874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
924874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
925874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
926874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
927874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
928874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntasn1.dll)
929874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntasn1.dll
930874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
931874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
932874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
933874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
934874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
935874.850: supR3HardenedDllNotificationCallback: load 00007ffab9940000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
936874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
937874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
938874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
939874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab9940000 'C:\WINDOWS\System32\cryptnet.dll'
940874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
941874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
942874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab9940000 'C:\WINDOWS\System32\cryptnet.dll'
943874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
944874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
945874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab9940000 'C:\WINDOWS\System32\cryptnet.dll'
946874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
947874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
948874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab9940000 'C:\WINDOWS\System32\cryptnet.dll'
949874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
950874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
951874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab9940000 'C:\WINDOWS\System32\cryptnet.dll'
952874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
953874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
954874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab9940000 'C:\WINDOWS\System32\cryptnet.dll'
955874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
956874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab9940000 'C:\WINDOWS\System32\cryptnet.dll'
957874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
958874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab9940000 'C:\WINDOWS\System32\cryptnet.dll'
959874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
960874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab9940000 'C:\WINDOWS\System32\cryptnet.dll'
961874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
962874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab9940000 'C:\WINDOWS\System32\cryptnet.dll'
963874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
964874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab9940000 'C:\WINDOWS\System32\cryptnet.dll'
965874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab9940000 'C:\WINDOWS\System32\cryptnet.dll'
966874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
967874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab9940000 'C:\Windows\System32\cryptnet.dll'
968874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
969874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
970874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
971874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
972874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
973874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
974874.850: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
975874.850: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000d246e0
976874.850: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d246e0
977874.850: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AD38255A6DCCC09B45A72579827544B1B25F4681
978874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
979874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
980874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac5bb0000 'C:\WINDOWS\System32\rpcrt4.dll'
981874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
982874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2d30000 'C:\Windows\System32\WINTRUST.DLL'
983874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
984874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2d30000 'C:\Windows\System32\WINTRUST.DLL'
985874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
986874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2d30000 'C:\Windows\System32\WINTRUST.DLL'
987874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
988874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2d30000 'C:\Windows\System32\WINTRUST.DLL'
989874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
990874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2d30000 'C:\Windows\System32\WINTRUST.DLL'
991874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
992874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2d30000 'C:\Windows\System32\WINTRUST.DLL'
993874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
994874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
995874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2d30000 'C:\Windows\System32\WINTRUST.DLL'
996874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
997874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
998874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
999874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1000874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1001874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1002874.850: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2220_for_KB4074592~31bf3856ad364e35~amd64~~10.0.1.9.cat'; file='\SystemRoot\System32\ntdll.dll'
1003874.850: g_pfnWinVerifyTrust=00007ffac2d3d3e0
1004874.850: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1005874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1006874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1007874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1008874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1009874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1010874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1011874.850: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1012874.850: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1013874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1014874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1015874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1016874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1017874.850: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1018874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1019874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1020874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1021874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1022874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntasn1.dll'
1023874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1024874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1025874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1026874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'
1027874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1028874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1029874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1030874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1031874.850: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1032874.850: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d246e0
1033874.850: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d246e0
1034874.850: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=30DAE41220776EDDC1F05DDBB10EE8379CC41546
1035874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1036874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1037874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1038874.850: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-onecore-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1039874.850: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1040874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1041874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1042874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1043874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1044874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1045874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1046874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1047874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1048874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1049874.850: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001f0 pwszName=\Device\HarddiskVolume2\Windows\System32\ngcrecovery.dll
1050874.850: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d246e0
1051874.850: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d246e0
1052874.850: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6E3EA9BEFE875CD90A66DCBEEF4C761ACAC3755E
1053874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1054874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1055874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1056874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1057874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1058874.850: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1661_for_KB4074592~31bf3856ad364e35~amd64~~10.0.1.9.cat'; file='\Device\HarddiskVolume2\Windows\System32\ngcrecovery.dll'
1059874.850: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1060874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ngcrecovery.dll'
1061874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1062874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1063874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1064874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1065874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1066874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1067874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1068874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1069874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1070874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1071874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1072874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1073874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1074874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1075874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1076874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1077874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1078874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1079874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1080874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1081874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1082874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1083874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1084874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1085874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1086874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1087874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1088874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1089874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1090874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1091874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
1092874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1093874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1094874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1095874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1096874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1097874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1098874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1099874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1100874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1101874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1102874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1103874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1104874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
1105874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1106874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1107874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1108874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1109874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1110874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1111874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\system32\crypt32.dll'
1112874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1113874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1114874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1115874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xf55e55c2c41bb100 C=US, O=Informatica, CN=Informatica Root CA
1116874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
1117874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1118874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x3ab0f0b15eb2df00 C=KY, ST=GrandCayman, L=GeorgeTown, O=GoldenFrog-Inc, CN=GoldenFrog-Inc CA, Email=admin@goldenfrog.com
1119874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1120874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1121874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1122874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xf55e55c2c41bb100 C=US, O=Informatica, CN=Informatica Root CA
1123874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1124874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
1125874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
1126874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1127874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1128874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
1129874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
1130874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1131874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1132874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1133874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1134874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1135874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
1136874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1137874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1138874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1139874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xb3d6d6c9f168c800 C=FR, O=Dhimyotis, CN=Certigna
1140874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1141874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1142874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x923f2c0a09ccd400 C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Root CA
1143874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1144874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1145874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x5a341635fb75d800 C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA
1146874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
1147874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1148874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
1149874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
1150874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1151874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1152874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
1153874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1154874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1155874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1156874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x363d9b00b34fcb00 C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA
1157874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
1158874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1159874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1160874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1161874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1162874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1163874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1164874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xac1e0fca7ad3c900 C=ES, O=IZENPE S.A., CN=Izenpe.com
1165874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
1166874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1167874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
1168874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
1169874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1170874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
1171874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1172874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1173874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x472b13935b4fde00 O=VMware, Inc., OU=WebClient_2014.12.03_172204, CN=EMEAVCENTER5-5, Email=support@vmware.com
1174874.850: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server SHA256 SSL CA
1175874.850: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: CN=emeavmview01.informatica.com, CN=emeaview.informatica.com
1176874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xf55e55c2c41bb100 C=US, O=Informatica, CN=Informatica Root CA
1177874.850: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: CN=emeavmview02.informatica.com, CN=emeaview.informatica.com
1178874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xdd11d1acda05d900 CN=CA, CN=EMEAVCENTERSSO1, dc=vsphere,dc=local, C=US
1179874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x34a3fdca2d22ce00 O=VMware, Inc., OU=vCenterServer_2014.12.04_131733, CN=EMEAVCENTER5-5.informatica.com, Email=support@vmware.com
1180874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1181874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xf55e55c2c41bb100 C=US, O=Informatica, CN=Informatica Root CA
1182874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x47dc09012f70cb00 DC=com, DC=informatica, CN=E2K3Cert
1183874.850: supR3HardenedWinIsDesiredRootCA: Adding 0xf55e55c2c41bb100 C=US, O=Informatica, CN=Informatica Root CA
1184874.850: supR3HardenedWinIsDesiredRootCA: Adding 0x239806646862d700 CN=informatica-IRW12DQD12-CA
1185874.850: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=70
1186874.850: SUPR3HardenedMain: Load Runtime...
1187874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1188874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1189874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1190874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1191874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1192874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1193874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1194874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1195874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1196874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1197874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1198874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1199874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1200874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1201874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1202874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1203874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1204874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1205874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1206874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1207874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1208874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1209874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1210874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1211874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1212874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1213874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1214874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1215874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1216874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1217874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1218874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1219874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1220874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1221874.850: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1222874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
1223874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1224874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1225874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1226874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1227874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1228874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1229874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1230874.850: supR3HardenedDllNotificationCallback: load 0000000064800000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1231874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1232874.850: supR3HardenedDllNotificationCallback: load 0000000064760000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1233874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1234874.850: supR3HardenedDllNotificationCallback: load 00007ffac39c0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
1235874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1236874.850: supR3HardenedDllNotificationCallback: load 00007ffa8bb60000 LB 0x00590000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1237874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1238874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1239874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1240874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1241874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1242874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1243874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1244874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1245874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1246874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1247874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1248874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1249874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1250874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1251874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1252874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1253874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1254874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1255874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1256874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1257874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1259874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1260874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1261874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1262874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1263874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1264874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1265874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1266874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1267874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1268874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1269874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1270874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1271874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1272874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1273874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1274874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1275874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1276874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1277874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1278874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1279874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1280874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1281874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1282874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1283874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1284874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1285874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1286874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1287874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1288874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bb60000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1289874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2d30000 'C:\WINDOWS\system32\Wintrust.dll'
1290874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1291874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1292874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1293874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1294874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\system32\crypt32.dll'
1295874.850: SUPR3HardenedMain: Load TrustedMain...
1296874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1297874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1298874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1299874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1300874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1301874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1302874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
1303874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
1304874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
1305874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1306874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1307874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1308874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1309874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1310874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1311874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1312874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1313874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1314874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1315874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1316874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1317874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1318874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
1319874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1320874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1321874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1322874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1323874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1324874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1325874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1326874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1327874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
1328874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
1329874.850: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
1330874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1331874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
1332874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
1333874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1334874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1335874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1336874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1337874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1338874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1339874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
1340874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
1341874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
1342874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1343874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1344874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1345874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1346874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1347874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1348874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1349874.850: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1350874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1351874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'bcryptprimitives.dll'.
1352874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
1353874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
1354874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1355874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1356874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
1357874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
1358874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
1359874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
1360874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1361874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1362874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1363874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1364874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'.
1365874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
1366874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
1367874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
1368874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
1369874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1370874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1371874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1372874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1373874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1374874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
1375874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1376874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1377874.850: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1378874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1379874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
1380874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
1381874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
1382874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1383874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1384874.850: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1385874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
1386874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1387874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1388874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1389874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1390874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1391874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1392874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1393874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1394874.850: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1395874.850: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports
1396874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
1397874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
1398874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1399874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1400874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1401874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'user32.dll'.
1402874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #69 'gdi32.dll'.
1403874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1404874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1405874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1406874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1407874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1408874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1409874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1410874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
1411874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1412874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1413874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1414874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1415874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1416874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1417874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1418874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1419874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1420874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1421874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1422874.850: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1423874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1424874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1425874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1426874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1427874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1428874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1429874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1430874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1431874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1432874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1433874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1434874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1435874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1436874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1437874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1438874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1439874.850: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
1440874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1441874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1442874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1443874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1444874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1445874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1446874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1447874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1448874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
1449874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1450874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1451874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1452874.850: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
1453874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1454874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1455874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1456874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1457874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1458874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1459874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1460874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
1461874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1462874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1463874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1464874.850: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1465874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1466874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1467874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1468874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1469874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1470874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1471874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1472874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
1473874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1474874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1475874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1476874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1477874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1478874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1479874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1480874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1481874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1482874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1483874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1484874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1485874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1486874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1487874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1488874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1489874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1490874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1491874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1492874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1493874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1494874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1495874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1496874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1497874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1498874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1499874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1500874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1501874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1502874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1503874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1504874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1505874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1506874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1507874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1508874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1509874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1510874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1511874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1512874.850: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
1513874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1514874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
1515874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1516874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1517874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
1518874.850: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
1519874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1520874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1521874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1522874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1523874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1524874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1525874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1526874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1527874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1528874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1529874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1530874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1531874.850: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1532874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
1533874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
1534874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1535874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1536874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1537874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1538874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1539874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1540874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1541874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1542874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1543874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1544874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1545874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1546874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1547874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1548874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1549874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1550874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1551874.850: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1552874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1553874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1554874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
1555874.850: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
1556874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1557874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1558874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1559874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1560874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1561874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1562874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1563874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1564874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1565874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1566874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1567874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1568874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1569874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1570874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1571874.850: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1572874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1573874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1574874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1575874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1576874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1577874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1578874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1579874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1580874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1581874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1582874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1583874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1584874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1585874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1586874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1587874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1588874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1589874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1590874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
1591874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1592874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1593874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1594874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1595874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1596874.850: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
1597874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1598874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
1599874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'shlwapi.dll'.
1600874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
1601874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'comctl32.dll'.
1602874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'shell32.dll'.
1603874.850: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)
1604874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1605874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1606874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1607874.850: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
1608874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1609874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcrypt.dll'.
1610874.850: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
1611874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1612874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1613874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1614874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1615874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1616874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1617874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1618874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1619874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1620874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
1621874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1622874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1623874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1624874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1625874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1626874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1627874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1628874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1629874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1630874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1631874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1632874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1633874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1634874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1635874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1636874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1637874.850: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
1638874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1639874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1640874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1641874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
1642874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1643874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1644874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1645874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1646874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1647874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1648874.850: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
1649874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1650874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
1651874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
1652874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1653874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1654874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1655874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1656874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1657874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1658874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1659874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1660874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1661874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1662874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1663874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1664874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1665874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1666874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1667874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1668874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1669874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1670874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1671874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1672874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1673874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1674874.850: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
1675874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1676874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1677874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
1678874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1679874.850: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
1680874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1681874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1682874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
1683874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1684874.850: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
1685874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1686874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1687874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
1688874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1689874.850: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
1690874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1691874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1692874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1693874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1694874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1695874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1696874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1697874.850: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1698874.850: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000478 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1699874.850: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d246e0
1700874.850: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d246e0
1701874.850: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C84CAE716539BA897604EBDDBAB05F52E4868A0
1702874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1703874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1704874.850: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1705874.850: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1706874.850: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1707874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1708874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1709874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1710874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1711874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1712874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1713874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1714874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1715874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1716874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1717874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1718874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1719874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1720874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1721874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1722874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll)
1723874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll
1724874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1725874.850: supR3HardenedDllNotificationCallback: load 00007ffac3790000 LB 0x0001e000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
1726874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
1727874.850: supR3HardenedDllNotificationCallback: load 00007ffac37b0000 LB 0x0009a000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
1728874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
1729874.850: supR3HardenedDllNotificationCallback: load 00007ffac3500000 LB 0x00187000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
1730874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1731874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'gdi32.dll'.
1732874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
1733874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'win32u.dll'.
1734874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32full.dll)
1735874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32full.dll
1736874.850: supR3HardenedDllNotificationCallback: load 00007ffac44a0000 LB 0x00027000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
1737874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
1738874.850: supR3HardenedDllNotificationCallback: load 00007ffac3e90000 LB 0x0014a000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
1739874.850: supR3HardenedDllNotificationCallback: load 00007ffa9faf0000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
1740874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1741874.850: supR3HardenedDllNotificationCallback: load 00007ffa9be90000 LB 0x00121000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1742874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1743874.850: supR3HardenedDllNotificationCallback: load 00007ffac2a60000 LB 0x00049000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
1744874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
1745874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1746874.850: supR3HardenedDllNotificationCallback: load 00007ffac3b90000 LB 0x002f9000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
1747874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1748874.850: supR3HardenedDllNotificationCallback: load 00007ffac3850000 LB 0x000aa000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
1749874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1750874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'.
1751874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'.
1752874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
1753874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
1754874.850: supR3HardenedDllNotificationCallback: load 00007ffac3b30000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
1755874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
1756874.850: supR3HardenedDllNotificationCallback: load 00007ffac27d0000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
1757874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
1758874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
1759874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
1760874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
1761874.850: supR3HardenedDllNotificationCallback: load 00007ffac2780000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
1762874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
1763874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
1764874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
1765874.850: supR3HardenedDllNotificationCallback: load 00007ffac2e00000 LB 0x006f1000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
1766874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1767874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
1768874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
1769874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'profapi.dll'.
1770874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
1771874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
1772874.850: supR3HardenedDllNotificationCallback: load 00007ffac4600000 LB 0x01437000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
1773874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1774874.850: supR3HardenedDllNotificationCallback: load 00007ffac40f0000 LB 0x00145000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
1775874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1776874.850: supR3HardenedDllNotificationCallback: load 00007ffab3a30000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
1777874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1778874.850: supR3HardenedDllNotificationCallback: load 0000000062950000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1779874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1780874.850: supR3HardenedDllNotificationCallback: load 00007ffa8ab50000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1781874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1782874.850: supR3HardenedDllNotificationCallback: load 0000000062030000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1783874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1784874.850: supR3HardenedDllNotificationCallback: load 00007ffabe690000 LB 0x0008a000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
1785874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1786874.850: supR3HardenedDllNotificationCallback: load 00007ffaaac30000 LB 0x000a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\COMCTL32.dll [fFlags=0x0]
1787874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll [avoiding WinVerifyTrust]
1788874.850: supR3HardenedDllNotificationCallback: load 00007ffac3fe0000 LB 0x00108000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
1789874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
1790874.850: supR3HardenedDllNotificationCallback: load 00007ffab7160000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
1791874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1792874.850: supR3HardenedDllNotificationCallback: load 0000000064700000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1793874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1794874.850: supR3HardenedDllNotificationCallback: load 00007ffac3900000 LB 0x000c0000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
1795874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1796874.850: supR3HardenedDllNotificationCallback: load 00007ffab71d0000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
1797874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1798874.850: supR3HardenedDllNotificationCallback: load 00007ffab7200000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
1799874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1800874.850: supR3HardenedDllNotificationCallback: load 00007ffa8b150000 LB 0x00a06000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1801874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1802874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'.
1803874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' [rescheduled]
1804874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
1805874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
1806874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'.
1807874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' [rescheduled]
1808874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'.
1809874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' [rescheduled]
1810874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
1811874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled]
1812874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1813874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1814874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll'.
1815874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll' [rescheduled]
1816874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
1817874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rescheduled]
1818874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
1819874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rescheduled]
1820874.850: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
1821874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rescheduled]
1822874.850: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
1823874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rescheduled]
1824874.850: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1825874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1826874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1827874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1828874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1829874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1830874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1831874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1832874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1833874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1834874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
1835874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
1836874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1837874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1838874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1839874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
1840874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1841874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1842874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
1843874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1844874.850: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
1845874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1846874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1847874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1848874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1849874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1850874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1851874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1852874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1853874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1854874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1855874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1856874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1857874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
1858874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1859874.850: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
1860874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1861874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1862874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1863874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1864874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1865874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1866874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1867874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1868874.850: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
1869874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1870874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1871874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1872874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1873874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1874874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1875874.850: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1876874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1877874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1878874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
1879874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1880874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1881874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1882874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1883874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1884874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1885874.850: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1886874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1887874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1888874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1889874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1890874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac3a70000 'C:\WINDOWS\System32\kernel32.dll'
1891874.850: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
1892874.850: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1893874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2810000 'api-ms-win-core-string-l1-1-0'
1894874.850: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
1895874.850: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1896874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2810000 'api-ms-win-core-datetime-l1-1-1'
1897874.850: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
1898874.850: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1899874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2810000 'api-ms-win-core-localization-obsolete-l1-2-0'
1900874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1901874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1902874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'win32u.dll'.
1903874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
1904874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
1905874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1906874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1907874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1908874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1909874.850: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
1910874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1911874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1912874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1913874.850: supR3HardenedDllNotificationCallback: load 00007ffac45d0000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
1914874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
1915874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac45d0000 'C:\WINDOWS\system32\IMM32.DLL'
1916874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1917874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
1918874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
1919874.850: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1920874.850: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\imm32.dll
1921874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1922874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac45d0000 'C:\WINDOWS\System32\imm32.dll'
1923874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1924874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1925874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac6260000 'C:\WINDOWS\System32\ADVAPI32.DLL'
1926874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8b150000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1927874.850: SUPR3HardenedMain: Calling TrustedMain (00007ffa8b1514f0)...
1928874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1929874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1930874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
1931874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1932874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1933874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1934874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1935874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1936874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1937874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
1938874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
1939874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
1940874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
1941874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1942874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1943874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1944874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1945874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1946874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1947874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1948874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1949874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1950874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1951874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1952874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1953874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1954874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1955874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1956874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1957874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1958874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1959874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1960874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1961874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1962874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1963874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1964874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
1965874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1966874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1967874.850: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1968874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1969874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1970874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1971874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1972874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1973874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1974874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1975874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1976874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1977874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1978874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1979874.850: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1980874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1981874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1982874.850: supR3HardenedDllNotificationCallback: load 00007ffa959b0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
1983874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1984874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa959b0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
1985874.850: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000634 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1986874.850: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d246e0
1987874.850: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d246e0
1988874.850: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B531FF2B0DDEF1474B5898F2B0278778FD6901AD
1989874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
1990874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
1991874.850: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
1992874.850: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1993874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1994874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
1995874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
1996874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
1997874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1998874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1999874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2000874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2001874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2002874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2003874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2004874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2005874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2006874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2007874.850: supR3HardenedDllNotificationCallback: load 00007ffac0f40000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
2008874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2009874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac0f40000 'C:\WINDOWS\system32\uxtheme.dll'
2010874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac3e90000 'C:\WINDOWS\system32\user32.dll'
2011874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2012874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2013874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4600000 'C:\WINDOWS\system32\shell32.dll'
2014874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
2015874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2016874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2017874.850: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
2018874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2019874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac3850000 'C:\WINDOWS\system32\SHCore.dll'
2020874.850: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
2021874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
2022874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac3e90000 'C:\WINDOWS\system32\user32.dll'
2023874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2024874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'win32u.dll'.
2025874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
2026874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
2027874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
2028874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2029874.850: supR3HardenedDllNotificationCallback: load 00007ffaa9750000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
2030874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
2031874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2032874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2033874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2034874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2035874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2036874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2037874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2038874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2039874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2040874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2041874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2042874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
2043874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2044874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2045874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab7200000 'C:\WINDOWS\system32\winmm.dll'
2046874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2047874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2048874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab7200000 'C:\WINDOWS\system32\winmm.dll'
2049874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2050874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2051874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4600000 'C:\WINDOWS\system32\shell32.dll'
2052874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2053874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2054874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac0f40000 'C:\WINDOWS\system32\uxtheme.dll'
2055874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2056874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2057874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac6260000 'C:\WINDOWS\system32\advapi32.dll'
2058874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2059874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2060874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2061874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'profapi.dll'.
2062874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
2063874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
2064874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
2065874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
2066874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
2067874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2068874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2069874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2070874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2071874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2072874.850: supR3HardenedDllNotificationCallback: load 00007ffac2690000 LB 0x00029000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
2073874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2074874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2690000 'C:\WINDOWS\system32\userenv.dll'
2075874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2076874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2077874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac3a70000 'C:\WINDOWS\System32\kernel32.dll'
2078874.850: supR3HardenedDllNotificationCallback: load 00007ffac43e0000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
2079874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2080874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
2081874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
2082874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2083874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2084874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2085874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2086874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2087874.a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2088874.a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2089874.a68: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
2090874.a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2091874.a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2092874.a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2093874.a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2094874.a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2095874.a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2096874.a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2097874.a68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2098874.a68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2099874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2100874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2101874.a68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2102874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2103874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2104874.a68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2105874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2106874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2107874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2108874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2109874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2110874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2111874.a68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2112874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2113874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2114874.a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2115874.a68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2116874.a68: supR3HardenedDllNotificationCallback: load 00007ffa8a600000 LB 0x00545000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2117874.a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2118874.a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8a600000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2119874.a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2120874.a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2121874.a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2122874.a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2123874.a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
2124874.a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2125874.a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2126874.a68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2127874.a68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
2128874.a68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2129874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2130874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2131874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2132874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2133874.a68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2134874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2135874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2136874.a68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2137874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2138874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2139874.a68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
2140874.a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2141874.a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2142874.a68: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
2143874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2144874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2145874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2146874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2147874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2148874.a68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2149874.a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2150874.a68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2151874.a68: supR3HardenedDllNotificationCallback: load 00007ffaa3fb0000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
2152874.a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2153874.a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa3fb0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
2154874.a68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2155874.a68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2156874.a68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac3900000 'C:\Windows\System32\oleaut32.dll'
2157874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2158874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2159874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac44a0000 'C:\WINDOWS\system32\gdi32.dll'
2160874.b50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2161874.b50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2162874.b50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2163874.b50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2164874.b50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2165874.b50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
2166874.b50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
2167874.b50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2168874.b50: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2169874.b50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2170874.b50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2171874.b50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2172874.b50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
2173874.b50: supR3HardenedDllNotificationCallback: load 00007ffab7c90000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
2174874.b50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
2175874.b50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab7c90000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
2176874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2177874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2178874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4600000 'C:\WINDOWS\system32\shell32.dll'
2179874.850: supR3HardenedDllNotificationCallback: load 00007ffac5a40000 LB 0x00166000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
2180874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2181874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
2182874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
2183874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'gdi32.dll'.
2184874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'imm32.dll'.
2185874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
2186874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2187874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
2188874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2189874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2190874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2191874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2192874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2193874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2194874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2195874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2196874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2197874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2198874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2199874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2200874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2201874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2202874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2203874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
2204874.850: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a1c pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2205874.850: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d246e0
2206874.850: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d246e0
2207874.850: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61683FE342024A9B1FED0572E599EB6BBE8FAFAD
2208874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2209874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2210874.850: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
2211874.850: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2212874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2213874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
2214874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
2215874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
2216874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
2217874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
2218874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2219874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
2220874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
2221874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2222874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2223874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
2224874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2225874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
2226874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
2227874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
2228874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
2229874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2230874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2231874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2232874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2233874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2234874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2235874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2236874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2237874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
2238874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'win32u.dll'.
2239874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
2240874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
2241874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2242874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2243874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
2244874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2245874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2246874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2247874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
2248874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
2249874.850: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
2250874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2251874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
2252874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll)
2253874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
2254874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2255874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2256874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2257874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2258874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2259874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2260874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2261874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2262874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2263874.850: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
2264874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2265874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2266874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
2267874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2268874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2269874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2270874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2271874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
2272874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
2273874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
2274874.850: supR3HardenedDllNotificationCallback: load 00007ffac1640000 LB 0x000a4000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
2275874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
2276874.850: supR3HardenedDllNotificationCallback: load 00007ffab7f20000 LB 0x002df000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
2277874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
2278874.850: supR3HardenedDllNotificationCallback: load 00007ffab8eb0000 LB 0x00122000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
2279874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
2280874.850: supR3HardenedDllNotificationCallback: load 00007ffaa1210000 LB 0x00047000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
2281874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2282874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa1210000 'C:\WINDOWS\system32\dataexchange.dll'
2283874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2284874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2285874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'
2286874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2287874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
2288874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'.
2289874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
2290874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
2291874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
2292874.850: supR3HardenedDllNotificationCallback: load 00007ffac1220000 LB 0x00170000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
2293874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
2294874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2295874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'coreuicomponents.dll'.
2296874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'coremessaging.dll'.
2297874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll)
2298874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll
2299874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2300874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'coremessaging.dll'.
2301874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'shcore.dll'.
2302874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll)
2303874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll
2304874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2305874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
2306874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll)
2307874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll
2308874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntmarta.dll)
2309874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
2310874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
2311874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
2312874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'bcryptprimitives.dll'.
2313874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
2314874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
2315874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2316874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2317874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\usermgrcli.dll)
2318874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usermgrcli.dll
2319874.850: supR3HardenedDllNotificationCallback: load 00007ffac1900000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
2320874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
2321874.850: supR3HardenedDllNotificationCallback: load 00007ffab97d0000 LB 0x000e4000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
2322874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
2323874.850: supR3HardenedDllNotificationCallback: load 00007ffabfe70000 LB 0x00139000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
2324874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
2325874.850: supR3HardenedDllNotificationCallback: load 00007ffabfba0000 LB 0x00015000 C:\WINDOWS\SYSTEM32\usermgrcli.dll [fFlags=0x0]
2326874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\usermgrcli.dll [avoiding WinVerifyTrust]
2327874.850: supR3HardenedDllNotificationCallback: load 00007ffaaaf20000 LB 0x002d3000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
2328874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
2329874.850: supR3HardenedDllNotificationCallback: load 00007ffaa8d70000 LB 0x00082000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
2330874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
2331874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2332874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2333874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2334874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2335874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
2336874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
2337874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
2338874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2339874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2340874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2341874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2342874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
2343874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2344874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2345874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2346874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2347874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2348874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2349874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
2350874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2351874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2352874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2353874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2354874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2355874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2356874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2357874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2358874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
2359874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume2\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
2360874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
2361874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2362874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2363874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2364874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2365874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
2366874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2367874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2368874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
2369874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2370874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2371874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2372874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2373874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2374874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2375874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usermgrcli.dll'
2376874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2377874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2378874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
2379874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2380874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2381874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntmarta.dll'
2382874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2383874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2384874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll'
2385874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2386874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2387874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll'
2388874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2389874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2390874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll'
2391874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2392874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2393874.850: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
2394874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2395874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2396874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac3900000 'C:\WINDOWS\System32\OLEAUT32.DLL'
2397874.850: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
2398874.850: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2399874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac3e90000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
2400874.850: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
2401874.850: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2402874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac3e90000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
2403874.850: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
2404874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
2405874.850: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-1.dll) -> 0x0, fPresent=1
2406874.850: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-1.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2407874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac3b90000 'api-ms-win-core-com-l1-1-1.dll'
2408874.850: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
2409874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
2410874.850: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
2411874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
2412874.850: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
2413874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
2414874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
2415874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2416874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac5a40000 'C:\WINDOWS\System32\MSCTF.dll'
2417874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2418874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2419874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac40f0000 'C:\WINDOWS\System32\ole32.dll'
2420874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2421874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2422874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac3900000 'C:\WINDOWS\System32\OLEAUT32.dll'
2423874.850: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b10 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2424874.850: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d246e0
2425874.850: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d246e0
2426874.850: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C153C1EEAC2C5A257F8D6DAC54A4EBBA9125F07E
2427874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2428874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2429874.850: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
2430874.850: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2431874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2432874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2433874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2434874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2435874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2436874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2437874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2438874.850: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b1c pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2439874.850: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d246e0
2440874.850: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d246e0
2441874.850: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C2FDDA9E0EDB4F1E87D406924BA16734871BCEF
2442874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2443874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
2444874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2445874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2446874.850: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
2447874.850: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2448874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2449874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
2450874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
2451874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
2452874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2453874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2454874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2455874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2456874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2457874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2458874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2459874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2460874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2461874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2462874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2463874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
2464874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2465874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2466874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2467874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2468874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2469874.850: supR3HardenedDllNotificationCallback: load 00007ffabcbd0000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
2470874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2471874.850: supR3HardenedDllNotificationCallback: load 00007ffabce90000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
2472874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2473874.850: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
2474874.850: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2475874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2810000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2476874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffabce90000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
2477874.850: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b24 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2478874.850: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d246e0
2479874.850: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d246e0
2480874.850: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=559C24F928E5CCE94C1894759931445FEFCE69FF
2481874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2482874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2483874.850: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2484874.850: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2485874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2486874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2487874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2488874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2489874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2490874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2491874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2492874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2493874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2494874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2495874.850: supR3HardenedDllNotificationCallback: load 00007ffabc380000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
2496874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2497874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffabc380000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
2498874.850: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
2499874.850: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2500874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2810000 'api-ms-win-core-localization-l1-2-0.dll'
2501874.850: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
2502874.850: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2503874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2810000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
2504874.850: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b7c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2505874.850: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d246e0
2506874.850: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d246e0
2507874.850: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FF6EDA0EE7AAFEFF666CD9B9BCCFAF342DB5470
2508874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2509874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2510874.850: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2511874.850: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2512874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2513874.850: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2514874.850: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2515874.850: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2516874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2517874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2518874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2519874.850: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2520874.850: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2521874.850: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2522874.850: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2523874.850: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2524874.850: supR3HardenedDllNotificationCallback: load 00007ffabc480000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
2525874.850: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2526874.850: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffabc480000 'C:\WINDOWS\system32\wbem\fastprox.dll'
2527874.198c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2528874.198c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2529874.198c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2530874.198c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2531874.198c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2532874.198c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2533874.198c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2534874.198c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2535874.198c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2536874.198c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2537874.198c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2538874.198c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2539874.198c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2540874.198c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2541874.198c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2542874.198c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2543874.198c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2544874.198c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2545874.198c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2546874.198c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2547874.198c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2548874.198c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2549874.198c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2550874.198c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2551874.198c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2552874.198c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2553874.198c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2554874.198c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2555874.198c: supR3HardenedDllNotificationCallback: load 00000000645f0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2556874.198c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2557874.198c: supR3HardenedDllNotificationCallback: load 00007ffa90870000 LB 0x002c9000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2558874.198c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2559874.198c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90870000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2560874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2561874.10ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cd0 pwszName=\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
2562874.10ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d246e0
2563874.10ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d246e0
2564874.10ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1E5A9ACAE97AEA2587277AEA0A8C325D8569A5A4
2565874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2566874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2567874.10ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll'
2568874.10ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2569874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
2570874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
2571874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'oleaut32.dll'.
2572874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'ws2_32.dll'.
2573874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'netsetupapi.dll'.
2574874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'setupapi.dll'.
2575874.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll) WinVerifyTrust
2576874.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
2577874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2578874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2579874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2580874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2581874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2582874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
2583874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'cfgmgr32.dll'.
2584874.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
2585874.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2586874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
2587874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
2588874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2589874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2590874.10ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
2591874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2592874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2593874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2594874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2595874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2596874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2597874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2598874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
2599874.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll) WinVerifyTrust
2600874.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
2601874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2602874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2603874.10ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2604874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2605874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2606874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2607874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2608874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2609874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2610874.10ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
2611874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2612874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2613874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2614874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2615874.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2616874.10ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
2617874.10ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
2618874.10ec: supR3HardenedDllNotificationCallback: load 00007ffabc6f0000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
2619874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
2620874.10ec: supR3HardenedDllNotificationCallback: load 00007ffac5dc0000 LB 0x0043b000 C:\WINDOWS\System32\setupapi.dll [fFlags=0x0]
2621874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2622874.10ec: supR3HardenedDllNotificationCallback: load 00007ffabc050000 LB 0x0007b000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
2623874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
2624874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffabc050000 'C:\Windows\System32\NetSetupShim.dll'
2625874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2626874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2627874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2628874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
2629874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
2630874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winnsi.dll'.
2631874.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll) WinVerifyTrust
2632874.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
2633874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2634874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2635874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2636874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2637874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2638874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
2639874.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
2640874.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2641874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2642874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2643874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2644874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2645874.10ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nsi.dll'.
2646874.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
2647874.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
2648874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2649874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2650874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2651874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2652874.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
2653874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2654874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2655874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2656874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2657874.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2658874.10ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
2659874.10ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2660874.10ec: supR3HardenedDllNotificationCallback: load 00007ffac3a30000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
2661874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
2662874.10ec: supR3HardenedDllNotificationCallback: load 00007ffabf630000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
2663874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2664874.10ec: supR3HardenedDllNotificationCallback: load 00007ffab78a0000 LB 0x000be000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0]
2665874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
2666874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab78a0000 'C:\Windows\System32\NetSetupEngine.dll'
2667874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2668874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2669874.10ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
2670874.10ec: supR3HardenedDllNotificationCallback: Unload 00007ffab78a0000 LB 0x000be000 C:\Windows\System32\NetSetupEngine.dll [flags=0x0]
2671874.10ec: supR3HardenedDllNotificationCallback: Unload 00007ffabf630000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [flags=0x0]
2672874.10ec: supR3HardenedDllNotificationCallback: Unload 00007ffac3a30000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [flags=0x0]
2673874.27e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2674874.27e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2675874.27e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2676874.27e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2677874.27e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2678874.27e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2679874.27e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2680874.27e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2681874.27e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2682874.27e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2683874.27e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2684874.27e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2685874.27e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2686874.27e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2687874.27e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2688874.27e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2689874.27e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2690874.27e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2691874.27e0: supR3HardenedDllNotificationCallback: load 00007ffab1f40000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2692874.27e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2693874.27e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1f40000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2694874.27e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac3e90000 'C:\WINDOWS\system32\User32.dll'
2695874.9ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2696874.9ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2697874.9ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2698874.9ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2699874.9ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2700874.9ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2701874.9ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2702874.9ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2703874.9ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2704874.9ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2705874.9ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2706874.9ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2707874.9ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2708874.9ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2709874.9ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2710874.9ec: supR3HardenedDllNotificationCallback: load 00007ffab1e60000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2711874.9ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2712874.9ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e60000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2713874.9dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2714874.9dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2715874.9dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2716874.9dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2717874.9dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2718874.9dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2719874.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2720874.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2721874.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2722874.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2723874.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2724874.9dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2725874.9dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2726874.9dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2727874.9dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2728874.9dc: supR3HardenedDllNotificationCallback: load 00007ffab1e50000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2729874.9dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2730874.9dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e50000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2731874.9fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2732874.9fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2733874.9fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2734874.9fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2735874.9fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2736874.9fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2737874.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2738874.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2739874.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2740874.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2741874.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2742874.9fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2743874.9fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2744874.9fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2745874.9fc: supR3HardenedDllNotificationCallback: load 00007ffab1e40000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2746874.9fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2747874.9fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e40000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2748874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4600000 'C:\WINDOWS\system32\Shell32.dll'
2749874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2750874.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2751874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90870000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2752874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2753874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2754874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2755874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2756874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2757874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2758874.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
2759874.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2760874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2761874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2762874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2763874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2764874.10ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2765874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2766874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2767874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2768874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2769874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2770874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2771874.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2772874.10ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2773874.10ec: supR3HardenedDllNotificationCallback: load 00007ffaa4090000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2774874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2775874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa4090000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2776874.10ec: supR3HardenedDllNotificationCallback: Unload 00007ffaa4090000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2777874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2778874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2779874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2780874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2781874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2782874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2783874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2784874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2785874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2786874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2787874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2788874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2789874.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2790874.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2791874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2792874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2793874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2794874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
2795874.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2796874.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2797874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2798874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2799874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2800874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2801874.10ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2802874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2803874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2804874.10ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2805874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2806874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2807874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2808874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2809874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2810874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2811874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2812874.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2813874.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2814874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2815874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2816874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2817874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2818874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2819874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2820874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2821874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2822874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2823874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2824874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2825874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2826874.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2827874.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2828874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2829874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2830874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2831874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2832874.10ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2833874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2834874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2835874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2836874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2837874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2838874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2839874.10ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2840874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2841874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2842874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2843874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2844874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2845874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2846874.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2847874.10ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2848874.10ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2849874.10ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2850874.10ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2851874.10ec: supR3HardenedDllNotificationCallback: load 00007ffaa1c50000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2852874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2853874.10ec: supR3HardenedDllNotificationCallback: load 00007ffa95620000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2854874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2855874.10ec: supR3HardenedDllNotificationCallback: load 00007ffac1e10000 LB 0x00037000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
2856874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2857874.10ec: supR3HardenedDllNotificationCallback: load 00007ffa89c30000 LB 0x009c3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2858874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2859874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa89c30000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
2860874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2861874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2862874.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2863874.10ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2864874.10ec: supR3HardenedDllNotificationCallback: load 00007ffaa4090000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2865874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2866874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa4090000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2867874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2868874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2869874.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2870874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8a600000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
2871874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2872874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2873874.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2874874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa95620000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
2875874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2876874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2877874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2878874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2879874.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
2880874.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2881874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2882874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2883874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2884874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2885874.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2886874.10ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2887874.10ec: supR3HardenedDllNotificationCallback: load 00007ffaa8f20000 LB 0x0001f000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
2888874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2889874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa8f20000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
2890874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2891874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2892874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2893874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2894874.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
2895874.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2896874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2897874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2898874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2899874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2900874.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2901874.10ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2902874.10ec: supR3HardenedDllNotificationCallback: load 00007ffaa4d20000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
2903874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2904874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa4d20000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
2905874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2906874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2907874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2908874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2909874.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
2910874.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2911874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2912874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2913874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2914874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2915874.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2916874.10ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2917874.10ec: supR3HardenedDllNotificationCallback: load 00007ffaa47d0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
2918874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2919874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa47d0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
2920874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2921874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2922874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2923874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2924874.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
2925874.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2926874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2927874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2928874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2929874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2930874.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2931874.10ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2932874.10ec: supR3HardenedDllNotificationCallback: load 00007ffaa47b0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
2933874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2934874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa47b0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
2935874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2936874.27e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2937874.27e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2938874.27e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2939874.27e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2940874.27e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2941874.27e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2942874.27e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2943874.27e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2944874.27e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2945874.27e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2946874.27e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2947874.27e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2948874.27e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2949874.27e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2950874.27e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2951874.27e4: supR3HardenedDllNotificationCallback: load 00007ffaaa8d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2952874.27e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2953874.27e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaaa8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2954874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2955874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
2956874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2957874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2958874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2959874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2960874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2961874.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
2962874.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2963874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2964874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2965874.10ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2966874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2967874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2968874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2969874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2970874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2971874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2972874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2973874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2974874.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2975874.10ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2976874.10ec: supR3HardenedDllNotificationCallback: load 00007ffa958e0000 LB 0x000cc000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
2977874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2978874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa958e0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
2979874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2980874.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2981874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1e10000 'C:\WINDOWS\system32\Iphlpapi.dll'
2982874.10ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2983874.10ec: supR3HardenedDllNotificationCallback: load 00007ffac3a30000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
2984874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2985874.10ec: supR3HardenedDllNotificationCallback: load 00007ffabf630000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
2986874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2987874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2988874.10ec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll)
2989874.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
2990874.10ec: supR3HardenedDllNotificationCallback: load 00007ffabf0a0000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
2991874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
2992874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2993874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2994874.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
2995874.10ec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll)
2996874.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
2997874.10ec: supR3HardenedDllNotificationCallback: load 00007ffabf080000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
2998874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
2999874.10ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001050 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
3000874.10ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d246e0
3001874.10ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d246e0
3002874.10ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DD77C0B8420B1E0725E0BAACB8F1F2821C7C9053
3003874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
3004874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
3005874.10ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
3006874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3007874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3008874.10ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
3009874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3010874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3011874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3012874.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3013874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
3014874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
3015874.10ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1531_for_KB4074592~31bf3856ad364e35~amd64~~10.0.1.9.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
3016874.10ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3017874.10ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
3018874.10ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001088 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
3019874.10ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d246e0
3020874.10ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d246e0
3021874.10ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0462C999B5398941A444B13399F1AFCF2D9BD7ED
3022874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
3023874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
3024874.10ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1531_for_KB4074592~31bf3856ad364e35~amd64~~10.0.1.9.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
3025874.10ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3026874.10ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
3027874.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3028874.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3029874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90870000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
3030874.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
3031874.e8c: '\Device\HarddiskVolume2\Windows\System32\tzres.dll' has no imports
3032874.e8c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\tzres.dll)
3033874.e8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\tzres.dll
3034874.e8c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 000000000000127c (hFile=0000000000001274) with 0xc0000022 -> STATUS_TRUST_FAILURE
3035874.e8c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
3036874.e8c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000001274 (hFile=000000000000127c) with 0xc0000022 -> STATUS_TRUST_FAILURE
3037874.e8c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001278 pwszName=\Device\HarddiskVolume2\Windows\System32\tzres.dll
3038874.e8c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d246e0
3039874.e8c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d246e0
3040874.e8c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B3F8DF254BFF7C7F7A86EE4A6921EB22661029DB
3041874.e8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
3042874.e8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
3043874.e8c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1569_for_KB4074592~31bf3856ad364e35~amd64~~10.0.1.9.cat'; file='\Device\HarddiskVolume2\Windows\System32\tzres.dll'
3044874.e8c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3045874.e8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\tzres.dll'
3046874.e8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac1ca0000 'C:\WINDOWS\system32\rsaenh.dll'
3047874.e8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2ab0000 'C:\WINDOWS\System32\crypt32.dll'
3048874.e8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ws2_32.dll'.
3049874.e8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
3050874.e8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll) WinVerifyTrust
3051874.e8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll
3052874.e8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3053874.e8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3054874.e8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3055874.e8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3056874.e8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3057874.e8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
3058874.e8c: supR3HardenedDllNotificationCallback: load 00007ffac2070000 LB 0x0005c000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
3059874.e8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
3060874.e8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2070000 'C:\WINDOWS\system32\mswsock.dll'
3061874.27e4: supR3HardenedDllNotificationCallback: Unload 00007ffaaa8d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
3062874.9fc: supR3HardenedDllNotificationCallback: Unload 00007ffab1e40000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
3063874.9dc: supR3HardenedDllNotificationCallback: Unload 00007ffab1e50000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
3064874.9ec: supR3HardenedDllNotificationCallback: Unload 00007ffab1e60000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
3065874.27e0: supR3HardenedDllNotificationCallback: Unload 00007ffab1f40000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
3066874.10ec: supR3HardenedDllNotificationCallback: Unload 00007ffaa47b0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
3067874.10ec: supR3HardenedDllNotificationCallback: Unload 00007ffaa47d0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
3068874.10ec: supR3HardenedDllNotificationCallback: Unload 00007ffaa4d20000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
3069874.10ec: supR3HardenedDllNotificationCallback: Unload 00007ffaa8f20000 LB 0x0001f000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
3070874.10ec: supR3HardenedDllNotificationCallback: Unload 00007ffaa4090000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
3071874.10ec: supR3HardenedDllNotificationCallback: Unload 00007ffa89c30000 LB 0x009c3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
3072874.10ec: supR3HardenedDllNotificationCallback: Unload 00007ffaa1c50000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
3073874.10ec: supR3HardenedDllNotificationCallback: Unload 00007ffa95620000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
3074874.850: supR3HardenedDllNotificationCallback: Unload 00007ffab7c90000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [flags=0x0]
3075874.850: supR3HardenedDllNotificationCallback: Unload 00007ffabc380000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
3076874.850: supR3HardenedDllNotificationCallback: Unload 00007ffaa1210000 LB 0x00047000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0]
3077874.850: supR3HardenedDllNotificationCallback: Unload 00007ffab7f20000 LB 0x002df000 C:\WINDOWS\system32\d3d11.dll [flags=0x0]
3078874.850: supR3HardenedDllNotificationCallback: Unload 00007ffac1640000 LB 0x000a4000 C:\WINDOWS\system32\dxgi.dll [flags=0x0]
3079874.850: supR3HardenedDllNotificationCallback: Unload 00007ffab8eb0000 LB 0x00122000 C:\WINDOWS\system32\dcomp.dll [flags=0x0]
3080874.850: supR3HardenedDllNotificationCallback: Unload 00007ffac1220000 LB 0x00170000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0]
3081874.850: supR3HardenedDllNotificationCallback: Unload 00007ffabc480000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
3082874.850: supR3HardenedDllNotificationCallback: Unload 00007ffaa3fb0000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
3083874.850: supR3HardenedDllNotificationCallback: Unload 00007ffabce90000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
3084874.850: supR3HardenedDllNotificationCallback: Unload 00007ffabcbd0000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
3085874.850: supR3HardenedDllNotificationCallback: Unload 00007ffa8a600000 LB 0x00545000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
3086874.850: supR3HardenedDllNotificationCallback: Unload 00007ffabc050000 LB 0x0007b000 C:\Windows\System32\NetSetupShim.dll [flags=0x0]
3087874.850: supR3HardenedDllNotificationCallback: Unload 00007ffabc6f0000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [flags=0x0]
3088874.850: supR3HardenedDllNotificationCallback: Unload 00007ffac5dc0000 LB 0x0043b000 C:\WINDOWS\System32\setupapi.dll [flags=0x0]
3089874.850: Terminating the normal way: rcExit=0
30909d8.9c8: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 100558 ms, the end);
309118bc.27d4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 101721 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy