VirtualBox

Ticket #15268: VBoxHardening.log

File VBoxHardening.log, 217.8 KB (added by Nayz, 9 years ago)

Log

Line 
12078.207c: Log file opened: 5.0.17r106155 g_hStartupLog=0000000000000058 g_uNtVerCombined=0xa0295a00
22078.207c: \SystemRoot\System32\ntdll.dll:
32078.207c: CreationTime: 2016-03-02T16:55:02.285378900Z
42078.207c: LastWriteTime: 2016-02-23T11:25:45.858135200Z
52078.207c: ChangeTime: 2016-03-04T22:24:06.336840700Z
62078.207c: FileAttributes: 0x20
72078.207c: Size: 0x1bc048
82078.207c: NT Headers: 0xe0
92078.207c: Timestamp: 0x56cbf9dd
102078.207c: Machine: 0x8664 - amd64
112078.207c: Timestamp: 0x56cbf9dd
122078.207c: Image Version: 10.0
132078.207c: SizeOfImage: 0x1c1000 (1839104)
142078.207c: Resource Dir: 0x159000 LB 0x66220
152078.207c: ProductName: Microsoft® Windows® Operating System
162078.207c: ProductVersion: 10.0.10586.122
172078.207c: FileVersion: 10.0.10586.122 (th2_release_inmarket.160222-1549)
182078.207c: FileDescription: NT Layer DLL
192078.207c: \SystemRoot\System32\kernel32.dll:
202078.207c: CreationTime: 2015-10-30T07:17:46.221743200Z
212078.207c: LastWriteTime: 2015-10-30T07:17:46.221743200Z
222078.207c: ChangeTime: 2016-01-20T17:17:49.451523900Z
232078.207c: FileAttributes: 0x20
242078.207c: Size: 0xac430
252078.207c: NT Headers: 0xf0
262078.207c: Timestamp: 0x5632d5aa
272078.207c: Machine: 0x8664 - amd64
282078.207c: Timestamp: 0x5632d5aa
292078.207c: Image Version: 10.0
302078.207c: SizeOfImage: 0xad000 (708608)
312078.207c: Resource Dir: 0xab000 LB 0x528
322078.207c: ProductName: Microsoft® Windows® Operating System
332078.207c: ProductVersion: 10.0.10586.0
342078.207c: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
352078.207c: FileDescription: Windows NT BASE API Client DLL
362078.207c: \SystemRoot\System32\KernelBase.dll:
372078.207c: CreationTime: 2016-03-09T15:16:41.008828500Z
382078.207c: LastWriteTime: 2016-02-24T09:52:06.910200800Z
392078.207c: ChangeTime: 2016-03-12T22:41:57.186854800Z
402078.207c: FileAttributes: 0x20
412078.207c: Size: 0x1e7a10
422078.207c: NT Headers: 0xf0
432078.207c: Timestamp: 0x56cd45b4
442078.207c: Machine: 0x8664 - amd64
452078.207c: Timestamp: 0x56cd45b4
462078.207c: Image Version: 10.0
472078.207c: SizeOfImage: 0x1e8000 (1998848)
482078.207c: Resource Dir: 0x1d1000 LB 0x548
492078.207c: ProductName: Microsoft® Windows® Operating System
502078.207c: ProductVersion: 10.0.10586.162
512078.207c: FileVersion: 10.0.10586.162 (th2_release_sec.160223-1728)
522078.207c: FileDescription: Windows NT BASE API Client DLL
532078.207c: \SystemRoot\System32\apisetschema.dll:
542078.207c: CreationTime: 2015-10-30T07:17:57.502957900Z
552078.207c: LastWriteTime: 2015-10-30T07:17:57.502957900Z
562078.207c: ChangeTime: 2016-01-20T17:07:14.950665900Z
572078.207c: FileAttributes: 0x20
582078.207c: Size: 0x16d60
592078.207c: NT Headers: 0xc8
602078.207c: Timestamp: 0x5632d94c
612078.207c: Machine: 0x8664 - amd64
622078.207c: Timestamp: 0x5632d94c
632078.207c: Image Version: 10.0
642078.207c: SizeOfImage: 0x18000 (98304)
652078.207c: Resource Dir: 0x17000 LB 0x400
662078.207c: ProductName: Microsoft® Windows® Operating System
672078.207c: ProductVersion: 10.0.10586.0
682078.207c: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
692078.207c: FileDescription: ApiSet Schema DLL
702078.207c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
712078.207c: supR3HardenedWinFindAdversaries: 0x0
722078.207c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
732078.207c: Calling main()
742078.207c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
752078.207c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
762078.207c: SUPR3HardenedMain: Respawn #1
772078.207c: System32: \Device\HarddiskVolume4\Windows\System32
782078.207c: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
792078.207c: KnownDllPath: C:\WINDOWS\system32
802078.207c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
812078.207c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
822078.207c: supR3HardNtEnableThreadCreation:
832078.207c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff830556d50 pvNtTerminateThread=00007ff830585b20
842078.207c: supR3HardenedWinDoReSpawn(1): New child 2088.208c [kernel32].
852078.207c: supR3HardNtChildGatherData: PebBaseAddress=0000000000284000 cbPeb=0x388
862078.207c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8304e0000 uNtDllChildAddr=00007ff8304e0000
872078.207c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff830556d50
882078.207c: supR3HardenedWinSetupChildInit: Start child.
892078.207c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
902078.207c: supR3HardNtChildPurify: Startup delay kludge #1/0: 257 ms, 30 sleeps
912078.207c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
922078.207c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
932078.207c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
942078.207c: *0000000000030000-000000000001afff 0x0002/0x0002 0x0040000
952078.207c: 0000000000045000-0000000000039fff 0x0001/0x0000 0x0000000
962078.207c: *0000000000050000-fffffffffff53fff 0x0000/0x0004 0x0020000
972078.207c: 000000000014c000-0000000000148fff 0x0104/0x0004 0x0020000
982078.207c: 000000000014f000-000000000014dfff 0x0004/0x0004 0x0020000
992078.207c: *0000000000150000-000000000014bfff 0x0002/0x0002 0x0040000
1002078.207c: 0000000000154000-0000000000147fff 0x0001/0x0000 0x0000000
1012078.207c: *0000000000160000-000000000015dfff 0x0004/0x0004 0x0020000
1022078.207c: 0000000000162000-00000000000c3fff 0x0001/0x0000 0x0000000
1032078.207c: *0000000000200000-000000000017bfff 0x0000/0x0004 0x0020000
1042078.207c: 0000000000284000-0000000000280fff 0x0004/0x0004 0x0020000
1052078.207c: 0000000000287000-000000000010dfff 0x0000/0x0004 0x0020000
1062078.207c: 0000000000400000-ffffffff8081ffff 0x0001/0x0000 0x0000000
1072078.207c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1082078.207c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1092078.207c: 000000007fff0000-ffff800a6ef1ffff 0x0001/0x0000 0x0000000
1102078.207c: *00007ff6910c0000-00007ff69109cfff 0x0002/0x0002 0x0040000
1112078.207c: 00007ff6910e3000-00007ff690f05fff 0x0001/0x0000 0x0000000
1122078.207c: *00007ff6912c0000-00007ff6912c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1132078.207c: 00007ff6912c1000-00007ff691347fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1142078.207c: 00007ff691348000-00007ff691348fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1152078.207c: 00007ff691349000-00007ff691393fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1162078.207c: 00007ff691394000-00007ff691394fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1172078.207c: 00007ff691395000-00007ff691395fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1182078.207c: 00007ff691396000-00007ff69139afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1192078.207c: 00007ff69139b000-00007ff69139bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1202078.207c: 00007ff69139c000-00007ff69139cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1212078.207c: 00007ff69139d000-00007ff6913a0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1222078.207c: 00007ff6913a1000-00007ff6913ebfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1232078.207c: 00007ff6913ec000-00007ff4f22f7fff 0x0001/0x0000 0x0000000
1242078.207c: *00007ff8304e0000-00007ff8304e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1252078.207c: 00007ff8304e1000-00007ff8305ddfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1262078.207c: 00007ff8305de000-00007ff83061efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1272078.207c: 00007ff83061f000-00007ff830627fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1282078.207c: 00007ff830628000-00007ff830634fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1292078.207c: 00007ff830635000-00007ff830635fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1302078.207c: 00007ff830636000-00007ff830638fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1312078.207c: 00007ff830639000-00007ff8306a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1322078.207c: 00007ff8306a1000-00007ff060d61fff 0x0001/0x0000 0x0000000
1332078.207c: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
1342078.207c: VirtualBox.exe: timestamp 0x56f183d8 (rc=VINF_SUCCESS)
1352078.207c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1362078.207c: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
1372078.207c: supR3HardNtChildPurify: Done after 338 ms and 0 fixes (loop #0).
1382078.207c: supR3HardNtEnableThreadCreation:
1392088.208c: Log file opened: 5.0.17r106155 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0295a00
1402088.208c: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8304e0000 g_uNtVerCombined=0xa0295a00
1412088.208c: ntdll.dll: timestamp 0x56cbf9dd (rc=VINF_SUCCESS)
1422088.208c: New simple heap: #1 0000000000500000 LB 0x400000 (for 1839104 allocation)
1432088.208c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1442088.208c: System32: \Device\HarddiskVolume4\Windows\System32
1452088.208c: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
1462088.208c: KnownDllPath: C:\WINDOWS\system32
1472088.208c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1482088.208c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1492088.208c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1502088.208c: Registered Dll notification callback with NTDLL.
1512088.208c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
1522088.208c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1532088.208c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
1542088.208c: supR3HardenedDllNotificationCallback: load 00007ff82cb90000 LB 0x001e8000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
1552088.208c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
1562088.208c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
1572088.208c: supR3HardenedDllNotificationCallback: load 00007ff82f630000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
1582088.208c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1592088.208c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82f630000 'C:\WINDOWS\system32\KERNEL32.DLL'
1602088.208c: supR3HardenedDllNotificationCallback: load 00007ff6912c0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
1612088.208c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1622088.208c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1632088.208c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1642088.208c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff830556d50 pvNtTerminateThread=00007ff830585b20
1652078.207c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 125 ms.
1662088.208c: \SystemRoot\System32\ntdll.dll:
1672088.208c: CreationTime: 2016-03-02T16:55:02.285378900Z
1682088.208c: LastWriteTime: 2016-02-23T11:25:45.858135200Z
1692088.208c: ChangeTime: 2016-03-04T22:24:06.336840700Z
1702088.208c: FileAttributes: 0x20
1712088.208c: Size: 0x1bc048
1722088.208c: NT Headers: 0xe0
1732088.208c: Timestamp: 0x56cbf9dd
1742088.208c: Machine: 0x8664 - amd64
1752088.208c: Timestamp: 0x56cbf9dd
1762088.208c: Image Version: 10.0
1772088.208c: SizeOfImage: 0x1c1000 (1839104)
1782088.208c: Resource Dir: 0x159000 LB 0x66220
1792088.208c: ProductName: Microsoft® Windows® Operating System
1802088.208c: ProductVersion: 10.0.10586.122
1812088.208c: FileVersion: 10.0.10586.122 (th2_release_inmarket.160222-1549)
1822088.208c: FileDescription: NT Layer DLL
1832088.208c: \SystemRoot\System32\kernel32.dll:
1842088.208c: CreationTime: 2015-10-30T07:17:46.221743200Z
1852088.208c: LastWriteTime: 2015-10-30T07:17:46.221743200Z
1862088.208c: ChangeTime: 2016-01-20T17:17:49.451523900Z
1872088.208c: FileAttributes: 0x20
1882088.208c: Size: 0xac430
1892088.208c: NT Headers: 0xf0
1902088.208c: Timestamp: 0x5632d5aa
1912088.208c: Machine: 0x8664 - amd64
1922088.208c: Timestamp: 0x5632d5aa
1932088.208c: Image Version: 10.0
1942088.208c: SizeOfImage: 0xad000 (708608)
1952088.208c: Resource Dir: 0xab000 LB 0x528
1962088.208c: ProductName: Microsoft® Windows® Operating System
1972088.208c: ProductVersion: 10.0.10586.0
1982088.208c: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
1992088.208c: FileDescription: Windows NT BASE API Client DLL
2002088.208c: \SystemRoot\System32\KernelBase.dll:
2012088.208c: CreationTime: 2016-03-09T15:16:41.008828500Z
2022088.208c: LastWriteTime: 2016-02-24T09:52:06.910200800Z
2032088.208c: ChangeTime: 2016-03-12T22:41:57.186854800Z
2042088.208c: FileAttributes: 0x20
2052088.208c: Size: 0x1e7a10
2062088.208c: NT Headers: 0xf0
2072088.208c: Timestamp: 0x56cd45b4
2082088.208c: Machine: 0x8664 - amd64
2092088.208c: Timestamp: 0x56cd45b4
2102088.208c: Image Version: 10.0
2112088.208c: SizeOfImage: 0x1e8000 (1998848)
2122088.208c: Resource Dir: 0x1d1000 LB 0x548
2132088.208c: ProductName: Microsoft® Windows® Operating System
2142088.208c: ProductVersion: 10.0.10586.162
2152088.208c: FileVersion: 10.0.10586.162 (th2_release_sec.160223-1728)
2162088.208c: FileDescription: Windows NT BASE API Client DLL
2172088.208c: \SystemRoot\System32\apisetschema.dll:
2182088.208c: CreationTime: 2015-10-30T07:17:57.502957900Z
2192088.208c: LastWriteTime: 2015-10-30T07:17:57.502957900Z
2202088.208c: ChangeTime: 2016-01-20T17:07:14.950665900Z
2212088.208c: FileAttributes: 0x20
2222088.208c: Size: 0x16d60
2232088.208c: NT Headers: 0xc8
2242088.208c: Timestamp: 0x5632d94c
2252088.208c: Machine: 0x8664 - amd64
2262088.208c: Timestamp: 0x5632d94c
2272088.208c: Image Version: 10.0
2282088.208c: SizeOfImage: 0x18000 (98304)
2292088.208c: Resource Dir: 0x17000 LB 0x400
2302088.208c: ProductName: Microsoft® Windows® Operating System
2312088.208c: ProductVersion: 10.0.10586.0
2322088.208c: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
2332088.208c: FileDescription: ApiSet Schema DLL
2342088.208c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2352088.208c: supR3HardenedWinFindAdversaries: 0x0
2362088.208c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2372088.208c: Calling main()
2382088.208c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2392088.208c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2402088.208c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2412088.208c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2422088.208c: SUPR3HardenedMain: Respawn #2
2432088.208c: supR3HardNtEnableThreadCreation:
2442088.208c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff830556d50 pvNtTerminateThread=00007ff830585b20
2452088.208c: supR3HardenedWinDoReSpawn(2): New child 21fc.2200 [kernel32].
2462088.208c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
2472088.208c: supR3HardNtChildGatherData: PebBaseAddress=000000000027d000 cbPeb=0x388
2482088.208c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8304e0000 uNtDllChildAddr=00007ff8304e0000
2492088.208c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff830556d50
2502088.208c: supR3HardenedWinSetupChildInit: Start child.
2512088.208c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2522088.208c: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 31 sleeps
2532088.208c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2542088.208c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
2552088.208c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
2562088.208c: *0000000000030000-000000000001afff 0x0002/0x0002 0x0040000
2572088.208c: 0000000000045000-0000000000039fff 0x0001/0x0000 0x0000000
2582088.208c: *0000000000050000-fffffffffff53fff 0x0000/0x0004 0x0020000
2592088.208c: 000000000014c000-0000000000148fff 0x0104/0x0004 0x0020000
2602088.208c: 000000000014f000-000000000014dfff 0x0004/0x0004 0x0020000
2612088.208c: *0000000000150000-000000000014bfff 0x0002/0x0002 0x0040000
2622088.208c: 0000000000154000-0000000000147fff 0x0001/0x0000 0x0000000
2632088.208c: *0000000000160000-000000000015dfff 0x0004/0x0004 0x0020000
2642088.208c: 0000000000162000-00000000000c3fff 0x0001/0x0000 0x0000000
2652088.208c: *0000000000200000-0000000000182fff 0x0000/0x0004 0x0020000
2662088.208c: 000000000027d000-0000000000279fff 0x0004/0x0004 0x0020000
2672088.208c: 0000000000280000-00000000000fffff 0x0000/0x0004 0x0020000
2682088.208c: 0000000000400000-ffffffff8081ffff 0x0001/0x0000 0x0000000
2692088.208c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
2702088.208c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
2712088.208c: 000000007fff0000-ffff800a6f81ffff 0x0001/0x0000 0x0000000
2722088.208c: *00007ff6907c0000-00007ff69079cfff 0x0002/0x0002 0x0040000
2732088.208c: 00007ff6907e3000-00007ff68fd05fff 0x0001/0x0000 0x0000000
2742088.208c: *00007ff6912c0000-00007ff6912c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2752088.208c: 00007ff6912c1000-00007ff691347fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2762088.208c: 00007ff691348000-00007ff691348fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2772088.208c: 00007ff691349000-00007ff691393fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2782088.208c: 00007ff691394000-00007ff691394fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2792088.208c: 00007ff691395000-00007ff691395fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2802088.208c: 00007ff691396000-00007ff69139afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2812088.208c: 00007ff69139b000-00007ff69139bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2822088.208c: 00007ff69139c000-00007ff69139cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2832088.208c: 00007ff69139d000-00007ff6913a0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2842088.208c: 00007ff6913a1000-00007ff6913ebfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2852088.208c: 00007ff6913ec000-00007ff4f22f7fff 0x0001/0x0000 0x0000000
2862088.208c: *00007ff8304e0000-00007ff8304e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2872088.208c: 00007ff8304e1000-00007ff8305ddfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2882088.208c: 00007ff8305de000-00007ff83061efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2892088.208c: 00007ff83061f000-00007ff830627fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2902088.208c: 00007ff830628000-00007ff830634fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2912088.208c: 00007ff830635000-00007ff830635fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2922088.208c: 00007ff830636000-00007ff830638fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2932088.208c: 00007ff830639000-00007ff8306a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2942088.208c: 00007ff8306a1000-00007ff060d61fff 0x0001/0x0000 0x0000000
2952088.208c: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
2962088.208c: VirtualBox.exe: timestamp 0x56f183d8 (rc=VINF_SUCCESS)
2972088.208c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2982088.208c: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
2992088.208c: supR3HardNtChildPurify: Done after 312 ms and 0 fixes (loop #0).
30021fc.2200: Log file opened: 5.0.17r106155 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0295a00
30121fc.2200: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8304e0000 g_uNtVerCombined=0xa0295a00
3022088.208c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000500000 LB 0x400000)
3032088.208c: supR3HardNtEnableThreadCreation:
30421fc.2200: ntdll.dll: timestamp 0x56cbf9dd (rc=VINF_SUCCESS)
30521fc.2200: New simple heap: #1 0000000000500000 LB 0x400000 (for 1839104 allocation)
30621fc.2200: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
30721fc.2200: System32: \Device\HarddiskVolume4\Windows\System32
30821fc.2200: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
30921fc.2200: KnownDllPath: C:\WINDOWS\system32
31021fc.2200: supR3HardenedVmProcessInit: Opening vboxdrv...
31121fc.2200: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
31221fc.2200: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
31321fc.2200: Registered Dll notification callback with NTDLL.
31421fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
31521fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
31621fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
31721fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82cb90000 LB 0x001e8000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
31821fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
31921fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
32021fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82f630000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
32121fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
32221fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82f630000 'C:\WINDOWS\system32\KERNEL32.DLL'
32321fc.2200: supR3HardenedDllNotificationCallback: load 00007ff6912c0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
32421fc.2200: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
32521fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
32621fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
32721fc.2200: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff830556d50 pvNtTerminateThread=00007ff830585b20
3282088.208c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 105 ms.
32921fc.2200: \SystemRoot\System32\ntdll.dll:
33021fc.2200: CreationTime: 2016-03-02T16:55:02.285378900Z
33121fc.2200: LastWriteTime: 2016-02-23T11:25:45.858135200Z
33221fc.2200: ChangeTime: 2016-03-04T22:24:06.336840700Z
33321fc.2200: FileAttributes: 0x20
33421fc.2200: Size: 0x1bc048
33521fc.2200: NT Headers: 0xe0
33621fc.2200: Timestamp: 0x56cbf9dd
33721fc.2200: Machine: 0x8664 - amd64
33821fc.2200: Timestamp: 0x56cbf9dd
33921fc.2200: Image Version: 10.0
34021fc.2200: SizeOfImage: 0x1c1000 (1839104)
34121fc.2200: Resource Dir: 0x159000 LB 0x66220
34221fc.2200: ProductName: Microsoft® Windows® Operating System
34321fc.2200: ProductVersion: 10.0.10586.122
34421fc.2200: FileVersion: 10.0.10586.122 (th2_release_inmarket.160222-1549)
34521fc.2200: FileDescription: NT Layer DLL
34621fc.2200: \SystemRoot\System32\kernel32.dll:
34721fc.2200: CreationTime: 2015-10-30T07:17:46.221743200Z
34821fc.2200: LastWriteTime: 2015-10-30T07:17:46.221743200Z
34921fc.2200: ChangeTime: 2016-01-20T17:17:49.451523900Z
35021fc.2200: FileAttributes: 0x20
35121fc.2200: Size: 0xac430
35221fc.2200: NT Headers: 0xf0
35321fc.2200: Timestamp: 0x5632d5aa
35421fc.2200: Machine: 0x8664 - amd64
35521fc.2200: Timestamp: 0x5632d5aa
35621fc.2200: Image Version: 10.0
35721fc.2200: SizeOfImage: 0xad000 (708608)
35821fc.2200: Resource Dir: 0xab000 LB 0x528
35921fc.2200: ProductName: Microsoft® Windows® Operating System
36021fc.2200: ProductVersion: 10.0.10586.0
36121fc.2200: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
36221fc.2200: FileDescription: Windows NT BASE API Client DLL
36321fc.2200: \SystemRoot\System32\KernelBase.dll:
36421fc.2200: CreationTime: 2016-03-09T15:16:41.008828500Z
36521fc.2200: LastWriteTime: 2016-02-24T09:52:06.910200800Z
36621fc.2200: ChangeTime: 2016-03-12T22:41:57.186854800Z
36721fc.2200: FileAttributes: 0x20
36821fc.2200: Size: 0x1e7a10
36921fc.2200: NT Headers: 0xf0
37021fc.2200: Timestamp: 0x56cd45b4
37121fc.2200: Machine: 0x8664 - amd64
37221fc.2200: Timestamp: 0x56cd45b4
37321fc.2200: Image Version: 10.0
37421fc.2200: SizeOfImage: 0x1e8000 (1998848)
37521fc.2200: Resource Dir: 0x1d1000 LB 0x548
37621fc.2200: ProductName: Microsoft® Windows® Operating System
37721fc.2200: ProductVersion: 10.0.10586.162
37821fc.2200: FileVersion: 10.0.10586.162 (th2_release_sec.160223-1728)
37921fc.2200: FileDescription: Windows NT BASE API Client DLL
38021fc.2200: \SystemRoot\System32\apisetschema.dll:
38121fc.2200: CreationTime: 2015-10-30T07:17:57.502957900Z
38221fc.2200: LastWriteTime: 2015-10-30T07:17:57.502957900Z
38321fc.2200: ChangeTime: 2016-01-20T17:07:14.950665900Z
38421fc.2200: FileAttributes: 0x20
38521fc.2200: Size: 0x16d60
38621fc.2200: NT Headers: 0xc8
38721fc.2200: Timestamp: 0x5632d94c
38821fc.2200: Machine: 0x8664 - amd64
38921fc.2200: Timestamp: 0x5632d94c
39021fc.2200: Image Version: 10.0
39121fc.2200: SizeOfImage: 0x18000 (98304)
39221fc.2200: Resource Dir: 0x17000 LB 0x400
39321fc.2200: ProductName: Microsoft® Windows® Operating System
39421fc.2200: ProductVersion: 10.0.10586.0
39521fc.2200: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
39621fc.2200: FileDescription: ApiSet Schema DLL
39721fc.2200: NtOpenDirectoryObject failed on \Driver: 0xc0000022
39821fc.2200: supR3HardenedWinFindAdversaries: 0x0
39921fc.2200: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
40021fc.2200: Calling main()
40121fc.2200: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
40221fc.2200: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
40321fc.2200: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
40421fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
40521fc.2200: SUPR3HardenedMain: Final process, opening VBoxDrv...
40621fc.2200: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000500000 LB 0x400000)
40721fc.2200: supR3HardNtEnableThreadCreation:
40821fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
40921fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
41021fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
41121fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
41221fc.2200: supR3HardenedDllNotificationCallback: load 00007ff820930000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
41321fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
41421fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
41521fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
41621fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820930000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
41721fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
41821fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
41921fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820930000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
42021fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820930000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
42121fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
42221fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
42321fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
42421fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
42521fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
42621fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
42721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
42821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
42921fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
43021fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
43121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
43221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
43321fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
43421fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
43521fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
43621fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
43721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
43821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
43921fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
44021fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
44121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
44221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
44321fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
44421fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
44521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
44621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
44721fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
44821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
44921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
45021fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
45121fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
45221fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82f530000 LB 0x0009d000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
45321fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
45421fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82cb10000 LB 0x00010000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
45521fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
45621fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82d710000 LB 0x001c7000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
45721fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
45821fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82dd10000 LB 0x0011c000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
45921fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
46021fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82cd80000 LB 0x00055000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
46121fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
46221fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82cd80000 'C:\WINDOWS\system32\Wintrust.dll'
46321fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
46421fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
46521fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
46621fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
46721fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82c700000 LB 0x00029000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
46821fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
46921fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c700000 'C:\WINDOWS\system32\bcrypt.dll'
47021fc.2200: bcrypt.dll loaded at 00007ff82c700000, BCryptOpenAlgorithmProvider at 00007ff82c703b50, preloading providers:
47121fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
47221fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
47321fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
47421fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82d6a0000 LB 0x0006a000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0]
47521fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
47621fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d6a0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
47721fc.2200: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000ad9c20)
47821fc.2200: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000ada2e0)
47921fc.2200: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000ada5b0)
48021fc.2200: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000ada910)
48121fc.2200: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000adb430)
48221fc.2200: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000adb740)
48321fc.2200: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000adba50)
48421fc.2200: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000adbd20)
48521fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
48621fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
48721fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82cd80000 'C:\Windows\System32\WINTRUST.DLL'
48821fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
48921fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
49021fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82cd80000 'C:\Windows\System32\WINTRUST.DLL'
49121fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
49221fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
49321fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82cd80000 'C:\Windows\System32\WINTRUST.DLL'
49421fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
49521fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
49621fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82cd80000 'C:\Windows\System32\WINTRUST.DLL'
49721fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
49821fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
49921fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82cd80000 'C:\Windows\System32\WINTRUST.DLL'
50021fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
50121fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
50221fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82cd80000 'C:\Windows\System32\WINTRUST.DLL'
50321fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
50421fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
50521fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82cd80000 'C:\Windows\System32\WINTRUST.DLL'
50621fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
50721fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
50821fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82c600000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
50921fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
51021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
51121fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
51221fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
51321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
51421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
51521fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
51621fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
51721fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
51821fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82c150000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
51921fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
52021fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
52121fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
52221fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
52321fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
52421fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82c5e0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
52521fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
52621fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
52721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
52821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
52921fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
53021fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
53121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82f630000 'C:\WINDOWS\system32\kernel32.dll'
53221fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
53321fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82cd80000 'C:\Windows\System32\WINTRUST.DLL'
53421fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
53521fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
53621fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\CRYPT32.dll'
53721fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82f440000 LB 0x0001c000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
53821fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
53921fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
54021fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
54121fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
54221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
54321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
54421fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
54521fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
54621fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
54721fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82fda0000 LB 0x0005b000 C:\WINDOWS\system32\sechost.dll [fFlags=0x0]
54821fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
54921fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
55021fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
55121fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
55221fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
55321fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
55421fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
55521fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82bae0000 LB 0x00024000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
55621fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
55721fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82cb20000 LB 0x00014000 C:\WINDOWS\system32\profapi.dll [fFlags=0x0]
55821fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
55921fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
56021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
56121fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
56221fc.2200: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
56321fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
56421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
56521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
56621fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
56721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
56821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
56921fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
57021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
57121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
57221fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
57321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
57421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
57521fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
57621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
57721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
57821fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
57921fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
58021fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
58121fc.2200: supR3HardenedDllNotificationCallback: load 00007ff81ac40000 LB 0x0002f000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0]
58221fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
58321fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
58421fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
58521fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ac40000 'C:\WINDOWS\system32\cryptnet.dll'
58621fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
58721fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
58821fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ac40000 'C:\WINDOWS\system32\cryptnet.dll'
58921fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
59021fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
59121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ac40000 'C:\WINDOWS\system32\cryptnet.dll'
59221fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
59321fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
59421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ac40000 'C:\WINDOWS\system32\cryptnet.dll'
59521fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
59621fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
59721fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ac40000 'C:\WINDOWS\system32\cryptnet.dll'
59821fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
59921fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
60021fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ac40000 'C:\WINDOWS\system32\cryptnet.dll'
60121fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
60221fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ac40000 'C:\WINDOWS\system32\cryptnet.dll'
60321fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
60421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ac40000 'C:\WINDOWS\system32\cryptnet.dll'
60521fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
60621fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ac40000 'C:\WINDOWS\system32\cryptnet.dll'
60721fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
60821fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ac40000 'C:\WINDOWS\system32\cryptnet.dll'
60921fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
61021fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ac40000 'C:\WINDOWS\system32\cryptnet.dll'
61121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ac40000 'C:\WINDOWS\system32\cryptnet.dll'
61221fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
61321fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ac40000 'C:\Windows\System32\cryptnet.dll'
61421fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82fa30000 LB 0x000a7000 C:\WINDOWS\system32\advapi32.dll [fFlags=0x0]
61521fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
61621fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
61721fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
61821fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
61921fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
62021fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
62121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
62221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
62321fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
62421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
62521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
62621fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
62721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
62821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
62921fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
63021fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
63121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
63221fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
63321fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
63421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
63521fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
63621fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000b1be50
63721fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b1be50
63821fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5E43AC987A1B720B34D9AF7350D39ECE2F470ADE
63921fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
64021fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
64121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82dd10000 'C:\WINDOWS\system32\rpcrt4.dll'
64221fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
64321fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82cd80000 'C:\Windows\System32\WINTRUST.DLL'
64421fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
64521fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82cd80000 'C:\Windows\System32\WINTRUST.DLL'
64621fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
64721fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82cd80000 'C:\Windows\System32\WINTRUST.DLL'
64821fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
64921fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82cd80000 'C:\Windows\System32\WINTRUST.DLL'
65021fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
65121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82cd80000 'C:\Windows\System32\WINTRUST.DLL'
65221fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
65321fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82cd80000 'C:\Windows\System32\WINTRUST.DLL'
65421fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
65521fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
65621fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82cd80000 'C:\Windows\System32\WINTRUST.DLL'
65721fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
65821fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
65921fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
66021fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
66121fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
66221fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
66321fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1135_for_KB3140743~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\SystemRoot\System32\ntdll.dll'
66421fc.2200: g_pfnWinVerifyTrust=00007ff82cd874d0
66521fc.2200: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
66621fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
66721fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
66821fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
66921fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
67021fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
67121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
67221fc.2200: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
67321fc.2200: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
67421fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
67521fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
67621fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
67721fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
67821fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
67921fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
68021fc.2200: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
68121fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
68221fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
68321fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
68421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
68521fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
68621fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000374 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
68721fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b1be50
68821fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b1be50
68921fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=357A4685FBBF5E8A1472AE56D4B122532A042630
69021fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
69121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
69221fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
69321fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
69421fc.2200: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
69521fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
69621fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
69721fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
69821fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
69921fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
70021fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
70121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
70221fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
70321fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
70421fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
70521fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
70621fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
70721fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
70821fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
70921fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
71021fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
71121fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
71221fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
71321fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
71421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
71521fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
71621fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
71721fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
71821fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
71921fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
72021fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
72121fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
72221fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
72321fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
72421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
72521fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
72621fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
72721fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
72821fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
72921fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
73021fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
73121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
73221fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
73321fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
73421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
73521fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
73621fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
73721fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
73821fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
73921fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
74021fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
74121fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
74221fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
74321fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
74421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
74521fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
74621fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
74721fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
74821fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
74921fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
75021fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
75121fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
75221fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
75321fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
75421fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
75521fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
75621fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0xcd7104bb1eb1d800 CN=1CS0H72.kal.com
75721fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
75821fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
75921fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
76021fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
76121fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
76221fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
76321fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x6ed10cc816e69500 CN=1CS0H72
76421fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
76521fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
76621fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
76721fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
76821fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
76921fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
77021fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
77121fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
77221fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
77321fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
77421fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
77521fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
77621fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
77721fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
77821fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
77921fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
78021fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
78121fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
78221fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
78321fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
78421fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
78521fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
78621fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
78721fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
78821fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
78921fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
79021fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
79121fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
79221fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0xdd80d271558fb700 O=RSA Security Inc, OU=RSA Security 2048 V3
79321fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
79421fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
79521fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
79621fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
79721fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
79821fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
79921fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x494d95dad9e3bd00 CN=KALROOTCA-CA
80021fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x494d95dad9e3bd00 CN=KALROOTCA-CA
80121fc.2200: supR3HardenedWinIsDesiredRootCA: Adding 0x2f8e7c600b7ebd00 CN=KALROOTCA-CA
80221fc.2200: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=49
80321fc.2200: SUPR3HardenedMain: Load Runtime...
80421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
80521fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
80621fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
80721fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
80821fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
80921fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
81021fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
81121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
81221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
81321fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
81421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
81521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
81621fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
81721fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
81821fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
81921fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
82021fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
82121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
82221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
82321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
82421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
82521fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
82621fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
82721fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
82821fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
82921fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
83021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
83121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
83221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
83321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
83421fc.2200: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
83521fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
83621fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
83721fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
83821fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
83921fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
84021fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
84121fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
84221fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
84321fc.2200: supR3HardenedDllNotificationCallback: load 000000006d2a0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
84421fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
84521fc.2200: supR3HardenedDllNotificationCallback: load 000000006d380000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
84621fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
84721fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82f460000 LB 0x0006b000 C:\WINDOWS\system32\WS2_32.dll [fFlags=0x0]
84821fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
84921fc.2200: supR3HardenedDllNotificationCallback: load 00007ff80b3e0000 LB 0x0055a000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
85021fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
85121fc.2200: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
85221fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
85321fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
85421fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
85521fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
85621fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
85721fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
85821fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
85921fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
86021fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
86121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
86221fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
86321fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
86421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
86521fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
86621fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
86721fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
86821fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
86921fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
87021fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
87121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
87221fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
87321fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
87421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
87521fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
87621fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
87721fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
87821fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
87921fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
88021fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
88121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
88221fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
88321fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
88421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
88521fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
88621fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
88721fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
88821fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
88921fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
89021fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
89121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
89221fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
89321fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
89421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
89521fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
89621fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
89721fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
89821fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
89921fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
90021fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
90121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80b3e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
90221fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82cd80000 'C:\WINDOWS\system32\Wintrust.dll'
90321fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
90421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
90521fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
90621fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
90721fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
90821fc.2200: SUPR3HardenedMain: Load TrustedMain...
90921fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
91021fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
91121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
91221fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
91321fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
91421fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
91521fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
91621fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
91721fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
91821fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtopenglvbox4.dll'.
91921fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
92021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
92121fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
92221fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shell32.dll'.
92321fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'.
92421fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'.
92521fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'comdlg32.dll'.
92621fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
92721fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
92821fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
92921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
93021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
93121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
93221fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
93321fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
93421fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
93521fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'.
93621fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
93721fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
93821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
93921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
94021fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000470 pwszName=\Device\HarddiskVolume4\Windows\System32\comdlg32.dll
94121fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b1be50
94221fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b1be50
94321fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4A350A9728CCF9D9DA5C34E66C65B031F50EE801
94421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
94521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
94621fc.2200: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
94721fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
94821fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
94921fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
95021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
95121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
95221fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
95321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
95421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
95521fc.2200: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
95621fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
95721fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
95821fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
95921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
96021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
96121fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
96221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
96321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
96421fc.2200: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
96521fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
96621fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
96721fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
96821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
96921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
97021fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
97121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
97221fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
97321fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'
97421fc.2200: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
97521fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
97621fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'user32.dll'.
97721fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'shlwapi.dll'.
97821fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'gdi32.dll'.
97921fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'comctl32.dll'.
98021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'shell32.dll'.
98121fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'firewallapi.dll'.
98221fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'netapi32.dll'.
98321fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comdlg32.dll) WinVerifyTrust
98421fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
98521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
98621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
98721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'...
98821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008]
98921fc.2200: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\netapi32.dll'.
99021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
99121fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\netapi32.dll)
99221fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\netapi32.dll
99321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'firewallapi.dll'...
99421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'firewallapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\firewallapi.dll' [rcNtRedir=0xc0150008]
99521fc.2200: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\FirewallAPI.dll'.
99621fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
99721fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
99821fc.2200: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\FirewallAPI.dll)
99921fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\FirewallAPI.dll
100021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
100121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
100221fc.2200: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
100321fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
100421fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #65 'user32.dll'.
100521fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'gdi32.dll'.
100621fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
100721fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
100821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
100921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
101021fc.2200: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
101121fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
101221fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
101321fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
101421fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll)
101521fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll
101621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
101721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
101821fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
101921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
102021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
102121fc.2200: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
102221fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
102321fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'.
102421fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
102521fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
102621fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
102721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
102821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
102921fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
103021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
103121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
103221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
103321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
103421fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
103521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
103621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
103721fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
103821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
103921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
104021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
104121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
104221fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
104321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
104421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
104521fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
104621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
104721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
104821fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
104921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
105021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
105121fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
105221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
105321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
105421fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
105521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
105621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
105721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
105821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
105921fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
106021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
106121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
106221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
106321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
106421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
106521fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
106621fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
106721fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
106821fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
106921fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
107021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
107121fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
107221fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
107321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
107421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
107521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
107621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
107721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
107821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
107921fc.2200: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
108021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
108121fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
108221fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'bcryptprimitives.dll'.
108321fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
108421fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
108521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
108621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
108721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
108821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
108921fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
109021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
109121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
109221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
109321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
109421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
109521fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
109621fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
109721fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
109821fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
109921fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
110021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
110121fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
110221fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
110321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
110421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
110521fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [redoing WinVerifyTrust]
110621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
110721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
110821fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
110921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
111021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
111121fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
111221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
111321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
111421fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
111521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
111621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
111721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
111821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
111921fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
112021fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
112121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
112221fc.2200: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll'
112321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
112421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
112521fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
112621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
112721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
112821fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
112921fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
113021fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
113121fc.2200: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
113221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
113321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
113421fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
113521fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
113621fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
113721fc.2200: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
113821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
113921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
114021fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
114121fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
114221fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
114321fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
114421fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
114521fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
114621fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
114721fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
114821fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
114921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
115021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
115121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
115221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
115321fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
115421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
115521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
115621fc.2200: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'.
115721fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
115821fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
115921fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
116021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
116121fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
116221fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
116321fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)
116421fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
116521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
116621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
116721fc.2200: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
116821fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
116921fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
117021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
117121fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
117221fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
117321fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
117421fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
117521fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
117621fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
117721fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
117821fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
117921fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
118021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
118121fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)
118221fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
118321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
118421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
118521fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
118621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
118721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
118821fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
118921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
119021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
119121fc.2200: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
119221fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
119321fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
119421fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
119521fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
119621fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
119721fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
119821fc.2200: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
119921fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
120021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
120121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
120221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
120321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
120421fc.2200: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
120521fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
120621fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
120721fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
120821fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'dciman32.dll'.
120921fc.2200: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\ddraw.dll)
121021fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ddraw.dll
121121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
121221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
121321fc.2200: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
121421fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
121521fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
121621fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
121721fc.2200: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
121821fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
121921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
122021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
122121fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
122221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
122321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
122421fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
122521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
122621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
122721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
122821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
122921fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
123021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
123121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
123221fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
123321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
123421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
123521fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
123621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
123721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
123821fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
123921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
124021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
124121fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
124221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
124321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
124421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
124521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
124621fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
124721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
124821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
124921fc.2200: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
125021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
125121fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
125221fc.2200: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\winspool.drv)
125321fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv
125421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
125521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
125621fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
125721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
125821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
125921fc.2200: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
126021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
126121fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
126221fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
126321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
126421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
126521fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
126621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
126721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
126821fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
126921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
127021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
127121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
127221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
127321fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
127421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
127521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
127621fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
127721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
127821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
127921fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
128021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
128121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
128221fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
128321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
128421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
128521fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
128621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
128721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
128821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
128921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
129021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
129121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
129221fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
129321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
129421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
129521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
129621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
129721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
129821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
129921fc.2200: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
130021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
130121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
130221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
130321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
130421fc.2200: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
130521fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
130621fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
130721fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
130821fc.2200: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dciman32.dll)
130921fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dciman32.dll
131021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
131121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
131221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
131321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
131421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
131521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
131621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
131721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
131821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
131921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
132021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
132121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
132221fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
132321fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
132421fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
132521fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
132621fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
132721fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
132821fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
132921fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
133021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
133121fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
133221fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
133321fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
133421fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
133521fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
133621fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
133721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
133821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
133921fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust]
134021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
134121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
134221fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
134321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
134421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
134521fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
134621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
134721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
134821fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
134921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
135021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
135121fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
135221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
135321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
135421fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
135521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
135621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
135721fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
135821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
135921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
136021fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
136121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
136221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
136321fc.2200: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [lacks WinVerifyTrust]
136421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
136521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
136621fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
136721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
136821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
136921fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust]
137021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
137121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
137221fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
137321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
137421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
137521fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
137621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
137721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
137821fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
137921fc.2200: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'
138021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
138121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
138221fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
138321fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
138421fc.2200: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
138521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
138621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
138721fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
138821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
138921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
139021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
139121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
139221fc.2200: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
139321fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000051c pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
139421fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b1be50
139521fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b1be50
139621fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A59A12801C3E68C49056D7AF56FE4F31F6CB06E1
139721fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
139821fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
139921fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
140021fc.2200: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
140121fc.2200: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
140221fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
140321fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
140421fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
140521fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
140621fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [avoiding WinVerifyTrust]
140721fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
140821fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
140921fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
141021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
141121fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll)
141221fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll
141321fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
141421fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
141521fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
141621fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
141721fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
141821fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
141921fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
142021fc.2200: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\davhlpr.dll)
142121fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\davhlpr.dll
142221fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82ffb0000 LB 0x00156000 C:\WINDOWS\system32\USER32.dll [fFlags=0x0]
142321fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82f8a0000 LB 0x00186000 C:\WINDOWS\system32\GDI32.dll [fFlags=0x0]
142421fc.2200: supR3HardenedDllNotificationCallback: load 00007ff812db0000 LB 0x00008000 C:\WINDOWS\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
142521fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
142621fc.2200: supR3HardenedDllNotificationCallback: load 00007ff811d90000 LB 0x000fa000 C:\WINDOWS\SYSTEM32\DDRAW.dll [fFlags=0x0]
142721fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
142821fc.2200: supR3HardenedDllNotificationCallback: load 00007ff811e90000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
142921fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
143021fc.2200: supR3HardenedDllNotificationCallback: load 00007ff811f00000 LB 0x00129000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
143121fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
143221fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82fb20000 LB 0x0027d000 C:\WINDOWS\system32\combase.dll [fFlags=0x0]
143321fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
143421fc.2200: supR3HardenedDllNotificationCallback: load 00007ff8301b0000 LB 0x00143000 C:\WINDOWS\system32\ole32.dll [fFlags=0x0]
143521fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
143621fc.2200: supR3HardenedDllNotificationCallback: load 000000006cee0000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
143721fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
143821fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82cde0000 LB 0x000b5000 C:\WINDOWS\system32\shcore.dll [fFlags=0x0]
143921fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
144021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
144121fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
144221fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
144321fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
144421fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82f840000 LB 0x00052000 C:\WINDOWS\system32\shlwapi.dll [fFlags=0x0]
144521fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
144621fc.2200: supR3HardenedDllNotificationCallback: load 00007ff8278b0000 LB 0x000aa000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\COMCTL32.dll [fFlags=0x0]
144721fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll [avoiding WinVerifyTrust]
144821fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82d5c0000 LB 0x00043000 C:\WINDOWS\system32\cfgmgr32.dll [fFlags=0x0]
144921fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
145021fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
145121fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82cb00000 LB 0x0000f000 C:\WINDOWS\system32\kernel.appcore.dll [fFlags=0x0]
145221fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'.
145321fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
145421fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
145521fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
145621fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82cb40000 LB 0x0004b000 C:\WINDOWS\system32\powrprof.dll [fFlags=0x0]
145721fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
145821fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
145921fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
146021fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
146121fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82cea0000 LB 0x00645000 C:\WINDOWS\system32\windows.storage.dll [fFlags=0x0]
146221fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
146321fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
146421fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'combase.dll'.
146521fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'profapi.dll'.
146621fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
146721fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
146821fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82de30000 LB 0x0155c000 C:\WINDOWS\system32\SHELL32.dll [fFlags=0x0]
146921fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
147021fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82d610000 LB 0x00086000 C:\WINDOWS\system32\FirewallAPI.dll [fFlags=0x0]
147121fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\FirewallAPI.dll [avoiding WinVerifyTrust]
147221fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82d5a0000 LB 0x00017000 C:\WINDOWS\system32\NETAPI32.dll [fFlags=0x0]
147321fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\netapi32.dll [avoiding WinVerifyTrust]
147421fc.2200: supR3HardenedDllNotificationCallback: load 00007ff827ef0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\DAVHLPR.DLL [fFlags=0x0]
147521fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\davhlpr.dll [avoiding WinVerifyTrust]
147621fc.2200: supR3HardenedDllNotificationCallback: load 00007ff830300000 LB 0x0010b000 C:\WINDOWS\system32\COMDLG32.dll [fFlags=0x0]
147721fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
147821fc.2200: supR3HardenedDllNotificationCallback: load 00007ff830410000 LB 0x000c1000 C:\WINDOWS\system32\OLEAUT32.dll [fFlags=0x0]
147921fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
148021fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82fae0000 LB 0x0003b000 C:\WINDOWS\system32\IMM32.dll [fFlags=0x0]
148121fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
148221fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82adb0000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
148321fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
148421fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82ae10000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
148521fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
148621fc.2200: supR3HardenedDllNotificationCallback: load 00007ff828b20000 LB 0x00084000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
148721fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
148821fc.2200: supR3HardenedDllNotificationCallback: load 000000006c570000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
148921fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [avoiding WinVerifyTrust]
149021fc.2200: supR3HardenedDllNotificationCallback: load 000000006d1c0000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
149121fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
149221fc.2200: supR3HardenedDllNotificationCallback: load 00007ff80a920000 LB 0x00abf000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
149321fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
149421fc.2200: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
149521fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
149621fc.2200: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
149721fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
149821fc.2200: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
149921fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
150021fc.2200: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
150121fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
150221fc.2200: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
150321fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
150421fc.2200: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\davhlpr.dll'.
150521fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\davhlpr.dll' [rescheduled]
150621fc.2200: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll'.
150721fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll' [rescheduled]
150821fc.2200: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
150921fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rescheduled]
151021fc.2200: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
151121fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
151221fc.2200: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
151321fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
151421fc.2200: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
151521fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
151621fc.2200: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
151721fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rescheduled]
151821fc.2200: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
151921fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll' [rescheduled]
152021fc.2200: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
152121fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
152221fc.2200: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
152321fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
152421fc.2200: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
152521fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
152621fc.2200: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\FirewallAPI.dll'.
152721fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\FirewallAPI.dll' [rescheduled]
152821fc.2200: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\netapi32.dll'.
152921fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\netapi32.dll' [rescheduled]
153021fc.2200: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
153121fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
153221fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
153321fc.2200: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
153421fc.2200: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\imm32.dll
153521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
153621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
153721fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
153821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
153921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
154021fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
154121fc.2200: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
154221fc.2200: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
154321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
154421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
154521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
154621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
154721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
154821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
154921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
155021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
155121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
155221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
155321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
155421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
155521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
155621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
155721fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
155821fc.2200: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
155921fc.2200: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
156021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
156121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
156221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
156321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
156421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
156521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
156621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
156721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
156821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
156921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
157021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
157121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
157221fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
157321fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
157421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82fae0000 'C:\WINDOWS\system32\imm32.dll'
157521fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
157621fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
157721fc.2200: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\fwbase.dll)
157821fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\fwbase.dll
157921fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82b860000 LB 0x00032000 C:\WINDOWS\SYSTEM32\fwbase.dll [fFlags=0x0]
158021fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\fwbase.dll [avoiding WinVerifyTrust]
158121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a920000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
158221fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000600 pwszName=\Device\HarddiskVolume4\Windows\System32\fwbase.dll
158321fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b1be50
158421fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b1be50
158521fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=97F7C788CD8835236DB877754F6544B4F05C2AE4
158621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
158721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
158821fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
158921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
159021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
159121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
159221fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
159321fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1284_for_KB3140768~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\Device\HarddiskVolume4\Windows\System32\fwbase.dll'
159421fc.2200: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
159521fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\fwbase.dll'
159621fc.2200: SUPR3HardenedMain: Calling TrustedMain (00007ff80a9210f0)...
159721fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
159821fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
159921fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82ae10000 'C:\WINDOWS\system32\winmm.dll'
160021fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000670 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
160121fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b1be50
160221fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b1be50
160321fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4F9BD6CD3F872DBBFCD5F712A95134C3D7F47679
160421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
160521fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
160621fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
160721fc.2200: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
160821fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
160921fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
161021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
161121fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
161221fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
161321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
161421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
161521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
161621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
161721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
161821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
161921fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
162021fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
162121fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82b3b0000 LB 0x00096000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
162221fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
162321fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b3b0000 'C:\WINDOWS\system32\uxtheme.dll'
162421fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82f6e0000 LB 0x0015a000 C:\WINDOWS\system32\MSCTF.dll [fFlags=0x0]
162521fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
162621fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
162721fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
162821fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'imm32.dll'.
162921fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
163021fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
163121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
163221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
163321fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust]
163421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
163521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
163621fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
163721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
163821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
163921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
164021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
164121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
164221fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
164321fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
164421fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006cc pwszName=\Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
164521fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b1be50
164621fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b1be50
164721fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=00B1D22BEE028A00D326866A2ACFB5C55928321B
164821fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
164921fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
165021fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TabletPC-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\ink\tiptsf.dll'
165121fc.2200: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
165221fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
165321fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
165421fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'user32.dll'.
165521fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\ink\tiptsf.dll) WinVerifyTrust
165621fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
165721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
165821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
165921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
166021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
166121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
166221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
166321fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
166421fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
166521fc.2200: supR3HardenedDllNotificationCallback: load 00007ff8197a0000 LB 0x000a3000 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll [fFlags=0x0]
166621fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
166721fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8197a0000 'C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll'
166821fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
166921fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
167021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'.
167121fc.2200: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)
167221fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
167321fc.2200: supR3HardenedDllNotificationCallback: load 00007ff8281a0000 LB 0x00022000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
167421fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
167521fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000448 pwszName=\Device\HarddiskVolume4\Windows\System32\dwmapi.dll
167621fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b1be50
167721fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b1be50
167821fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A8900DBF59D51D3F67CECDDA4ED1690DFAAE4945
167921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
168021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
168121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
168221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
168321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
168421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
168521fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
168621fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
168721fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Composition-Core-windows-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
168821fc.2200: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
168921fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
169021fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
169121fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
169221fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82de30000 'C:\WINDOWS\system32\shell32.dll'
169321fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
169421fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
169521fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82f630000 'C:\WINDOWS\system32\kernel32.dll'
169621fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
169721fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
169821fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b3b0000 'C:\WINDOWS\system32\uxtheme.dll'
169921fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
170021fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
170121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b3b0000 'C:\WINDOWS\system32\uxtheme.dll'
170221fc.2200: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
170321fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
170421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
170521fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82ffb0000 'C:\WINDOWS\system32\user32.dll'
170621fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
170721fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
170821fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82b3b0000 'C:\WINDOWS\system32\uxtheme.dll'
170921fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82ffb0000 'C:\WINDOWS\system32\user32.dll'
171021fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
171121fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
171221fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82fa30000 'C:\WINDOWS\system32\advapi32.dll'
171321fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
171421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
171521fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
171621fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
171721fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
171821fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
171921fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
172021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
172121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
172221fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
172321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
172421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
172521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
172621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
172721fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
172821fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
172921fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
173021fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82c2a0000 LB 0x0001f000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
173121fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
173221fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c2a0000 'C:\WINDOWS\system32\userenv.dll'
173321fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
173421fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
173521fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82f630000 'C:\WINDOWS\system32\kernel32.dll'
173621fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82f390000 LB 0x000a7000 C:\WINDOWS\system32\clbcatq.dll [fFlags=0x0]
173721fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
173821fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
173921fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
174021fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
174121fc.223c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
174221fc.223c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
174321fc.223c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
174421fc.223c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
174521fc.223c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
174621fc.223c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
174721fc.223c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
174821fc.223c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
174921fc.223c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
175021fc.223c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
175121fc.223c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
175221fc.223c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
175321fc.223c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
175421fc.223c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
175521fc.223c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
175621fc.223c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
175721fc.223c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
175821fc.223c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
175921fc.223c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
176021fc.223c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
176121fc.223c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
176221fc.223c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
176321fc.223c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
176421fc.223c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
176521fc.223c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
176621fc.223c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
176721fc.223c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
176821fc.223c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
176921fc.223c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
177021fc.223c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
177121fc.223c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
177221fc.223c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
177321fc.223c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
177421fc.223c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
177521fc.223c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
177621fc.223c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
177721fc.223c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
177821fc.223c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
177921fc.223c: supR3HardenedDllNotificationCallback: load 00007ff80a340000 LB 0x005da000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
178021fc.223c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
178121fc.223c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80a340000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
178221fc.223c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
178321fc.223c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
178421fc.223c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830410000 'C:\Windows\System32\oleaut32.dll'
178521fc.223c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sxs.dll)
178621fc.223c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sxs.dll
178721fc.223c: supR3HardenedDllNotificationCallback: load 00007ff82c9c0000 LB 0x00099000 C:\WINDOWS\SYSTEM32\sxs.dll [fFlags=0x0]
178821fc.223c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
178921fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
179021fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
179121fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sxs.dll'
179221fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
179321fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
179421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff830410000 'C:\WINDOWS\system32\OLEAUT32.dll'
179521fc.2200: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
179621fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
179721fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
179821fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82f8a0000 'C:\WINDOWS\system32\gdi32.dll'
179921fc.2234: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
180021fc.2234: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
180121fc.2234: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
180221fc.2234: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
180321fc.2234: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
180421fc.2234: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
180521fc.2234: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
180621fc.2234: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
180721fc.2234: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
180821fc.2234: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
180921fc.2234: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
181021fc.2234: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
181121fc.2234: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
181221fc.2234: supR3HardenedDllNotificationCallback: load 00007ff81b680000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
181321fc.2234: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
181421fc.2234: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b680000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
181521fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82ffb0000 'C:\WINDOWS\system32\user32.dll'
181621fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
181721fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
181821fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82de30000 'C:\WINDOWS\system32\shell32.dll'
181921fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
182021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
182121fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
182221fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
182321fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
182421fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
182521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
182621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
182721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
182821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
182921fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
183021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
183121fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
183221fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
183321fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
183421fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
183521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
183621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
183721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
183821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
183921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
184021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
184121fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
184221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
184321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
184421fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
184521fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
184621fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
184721fc.2200: supR3HardenedDllNotificationCallback: load 000000006c460000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
184821fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
184921fc.2200: supR3HardenedDllNotificationCallback: load 00007ff806680000 LB 0x0029c000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
185021fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
185121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff806680000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
185221fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b1c pwszName=\Device\HarddiskVolume4\Windows\System32\DataExchange.dll
185321fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b1be50
185421fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b1be50
185521fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=75640CA57CB5630DA16BB2F35FAEDB2EAB5C3525
185621fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
185721fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
185821fc.2200: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\DataExchange.dll'
185921fc.2200: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
186021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
186121fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
186221fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
186321fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
186421fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
186521fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) WinVerifyTrust
186621fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
186721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
186821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
186921fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
187021fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
187121fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
187221fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) WinVerifyTrust
187321fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll
187421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
187521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
187621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
187721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
187821fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
187921fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
188021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
188121fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'dxgi.dll'.
188221fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll) WinVerifyTrust
188321fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll
188421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
188521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
188621fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
188721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
188821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
188921fc.2200: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'.
189021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
189121fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
189221fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll)
189321fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll
189421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
189521fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
189621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
189721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
189821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
189921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
190021fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
190121fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
190221fc.2200: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
190321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
190421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
190521fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
190621fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
190721fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
190821fc.2200: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
190921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
191021fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
191121fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
191221fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
191321fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
191421fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
191521fc.2200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
191621fc.2200: supR3HardenedDllNotificationCallback: load 00007ff822850000 LB 0x000a3000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
191721fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
191821fc.2200: supR3HardenedDllNotificationCallback: load 00007ff822a90000 LB 0x002a8000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
191921fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
192021fc.2200: supR3HardenedDllNotificationCallback: load 00007ff829300000 LB 0x000e3000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
192121fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
192221fc.2200: supR3HardenedDllNotificationCallback: load 00007ff815c80000 LB 0x0004a000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
192321fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
192421fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff815c80000 'C:\WINDOWS\system32\dataexchange.dll'
192521fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
192621fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
192721fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
192821fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
192921fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'
193021fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
193121fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcrypt.dll'.
193221fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
193321fc.2200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
193421fc.2200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll)
193521fc.2200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll
193621fc.2200: supR3HardenedDllNotificationCallback: load 00007ff82b600000 LB 0x00100000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
193721fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
193821fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
193921fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
194021fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
194121fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
194221fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
194321fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
194421fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
194521fc.2200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
194621fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
194721fc.2200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
194821fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82c150000 'C:\WINDOWS\system32\rsaenh.dll'
194921fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82d710000 'C:\WINDOWS\system32\crypt32.dll'
195021fc.2200: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll'
195121fc.2200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll
195221fc.2200: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
195321fc.2200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff82f6e0000 'C:\WINDOWS\system32\MSCTF.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy