VirtualBox

Ticket #15931: VBoxHardening.log

File VBoxHardening.log, 371.3 KB (added by niconico999, 8 years ago)
Line 
137a0.3750: Log file opened: 5.1.7r110653 g_hStartupLog=0000000000000164 g_uNtVerCombined=0xa0295a00
237a0.3750: \SystemRoot\System32\ntdll.dll:
337a0.3750: CreationTime: 2016-09-09T17:21:38.058509900Z
437a0.3750: LastWriteTime: 2016-09-09T17:21:38.063168700Z
537a0.3750: ChangeTime: 2016-09-09T17:22:43.211575200Z
637a0.3750: FileAttributes: 0x20
737a0.3750: Size: 0x1bc248
837a0.3750: NT Headers: 0xe0
937a0.3750: Timestamp: 0x571af2eb
1037a0.3750: Machine: 0x8664 - amd64
1137a0.3750: Timestamp: 0x571af2eb
1237a0.3750: Image Version: 10.0
1337a0.3750: SizeOfImage: 0x1c1000 (1839104)
1437a0.3750: Resource Dir: 0x159000 LB 0x66218
1537a0.3750: ProductName: Microsoft® Windows® Operating System
1637a0.3750: ProductVersion: 10.0.10586.306
1737a0.3750: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
1837a0.3750: FileDescription: NT Layer DLL
1937a0.3750: \SystemRoot\System32\kernel32.dll:
2037a0.3750: CreationTime: 2015-10-30T07:17:46.221743200Z
2137a0.3750: LastWriteTime: 2015-10-30T07:17:46.221743200Z
2237a0.3750: ChangeTime: 2016-09-09T17:24:15.594130300Z
2337a0.3750: FileAttributes: 0x20
2437a0.3750: Size: 0xac430
2537a0.3750: NT Headers: 0xf0
2637a0.3750: Timestamp: 0x5632d5aa
2737a0.3750: Machine: 0x8664 - amd64
2837a0.3750: Timestamp: 0x5632d5aa
2937a0.3750: Image Version: 10.0
3037a0.3750: SizeOfImage: 0xad000 (708608)
3137a0.3750: Resource Dir: 0xab000 LB 0x528
3237a0.3750: ProductName: Microsoft® Windows® Operating System
3337a0.3750: ProductVersion: 10.0.10586.0
3437a0.3750: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
3537a0.3750: FileDescription: Windows NT BASE API Client DLL
3637a0.3750: \SystemRoot\System32\KernelBase.dll:
3737a0.3750: CreationTime: 2016-09-09T17:21:34.647183800Z
3837a0.3750: LastWriteTime: 2016-09-09T17:21:34.647183800Z
3937a0.3750: ChangeTime: 2016-09-09T17:24:15.792368800Z
4037a0.3750: FileAttributes: 0x20
4137a0.3750: Size: 0x1e7a10
4237a0.3750: NT Headers: 0xf0
4337a0.3750: Timestamp: 0x571af331
4437a0.3750: Machine: 0x8664 - amd64
4537a0.3750: Timestamp: 0x571af331
4637a0.3750: Image Version: 10.0
4737a0.3750: SizeOfImage: 0x1e8000 (1998848)
4837a0.3750: Resource Dir: 0x1d1000 LB 0x548
4937a0.3750: ProductName: Microsoft® Windows® Operating System
5037a0.3750: ProductVersion: 10.0.10586.306
5137a0.3750: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
5237a0.3750: FileDescription: Windows NT BASE API Client DLL
5337a0.3750: \SystemRoot\System32\apisetschema.dll:
5437a0.3750: CreationTime: 2015-10-30T07:17:57.502957900Z
5537a0.3750: LastWriteTime: 2015-10-30T07:17:57.502957900Z
5637a0.3750: ChangeTime: 2016-09-09T17:13:57.320840700Z
5737a0.3750: FileAttributes: 0x20
5837a0.3750: Size: 0x16d60
5937a0.3750: NT Headers: 0xc8
6037a0.3750: Timestamp: 0x5632d94c
6137a0.3750: Machine: 0x8664 - amd64
6237a0.3750: Timestamp: 0x5632d94c
6337a0.3750: Image Version: 10.0
6437a0.3750: SizeOfImage: 0x18000 (98304)
6537a0.3750: Resource Dir: 0x17000 LB 0x400
6637a0.3750: ProductName: Microsoft® Windows® Operating System
6737a0.3750: ProductVersion: 10.0.10586.0
6837a0.3750: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
6937a0.3750: FileDescription: ApiSet Schema DLL
7037a0.3750: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7137a0.3750: supR3HardenedWinFindAdversaries: 0x3
7237a0.3750: \SystemRoot\System32\drivers\SysPlant.sys:
7337a0.3750: CreationTime: 2016-09-09T08:57:35.739428500Z
7437a0.3750: LastWriteTime: 2016-09-09T08:57:35.755076200Z
7537a0.3750: ChangeTime: 2016-09-09T08:57:35.755076200Z
7637a0.3750: FileAttributes: 0x20
7737a0.3750: Size: 0x28fb0
7837a0.3750: NT Headers: 0xf0
7937a0.3750: Timestamp: 0x56dd2c89
8037a0.3750: Machine: 0x8664 - amd64
8137a0.3750: Timestamp: 0x56dd2c89
8237a0.3750: Image Version: 5.0
8337a0.3750: SizeOfImage: 0x2f000 (192512)
8437a0.3750: Resource Dir: 0x2d000 LB 0x498
8537a0.3750: ProductName: Symantec CMC Firewall
8637a0.3750: ProductVersion: 12.1.6860.6400
8737a0.3750: FileVersion: 12.1.6860.6400
8837a0.3750: FileDescription: Symantec CMC Firewall SysPlant
8937a0.3750: \SystemRoot\System32\sysfer.dll:
9037a0.3750: CreationTime: 2016-09-09T08:57:35.692577200Z
9137a0.3750: LastWriteTime: 2016-09-09T08:57:35.723824400Z
9237a0.3750: ChangeTime: 2016-09-09T08:57:35.723824400Z
9337a0.3750: FileAttributes: 0x20
9437a0.3750: Size: 0x71c70
9537a0.3750: NT Headers: 0xe8
9637a0.3750: Timestamp: 0x56dd2c96
9737a0.3750: Machine: 0x8664 - amd64
9837a0.3750: Timestamp: 0x56dd2c96
9937a0.3750: Image Version: 0.0
10037a0.3750: SizeOfImage: 0x89000 (561152)
10137a0.3750: Resource Dir: 0x87000 LB 0x630
10237a0.3750: ProductName: Symantec CMC Firewall
10337a0.3750: ProductVersion: 12.1.6860.6400
10437a0.3750: FileVersion: 12.1.6860.6400
10537a0.3750: FileDescription: Symantec CMC Firewall sysfer
10637a0.3750: \SystemRoot\System32\drivers\symevent64x86.sys:
10737a0.3750: CreationTime: 2016-09-09T08:59:06.378846200Z
10837a0.3750: LastWriteTime: 2016-09-09T08:59:06.285088500Z
10937a0.3750: ChangeTime: 2016-09-09T08:59:06.285088500Z
11037a0.3750: FileAttributes: 0x20
11137a0.3750: Size: 0x2b8d8
11237a0.3750: NT Headers: 0xe8
11337a0.3750: Timestamp: 0x54b87d44
11437a0.3750: Machine: 0x8664 - amd64
11537a0.3750: Timestamp: 0x54b87d44
11637a0.3750: Image Version: 6.0
11737a0.3750: SizeOfImage: 0x38000 (229376)
11837a0.3750: Resource Dir: 0x36000 LB 0x3c8
11937a0.3750: ProductName: SYMEVENT
12037a0.3750: ProductVersion: 12.9.6.12
12137a0.3750: FileVersion: 12.9.6.12
12237a0.3750: FileDescription: Symantec Event Library
12337a0.3750: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
12437a0.3750: Calling main()
12537a0.3750: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
12637a0.3750: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
12737a0.3750: SUPR3HardenedMain: Respawn #1
12837a0.3750: System32: \Device\HarddiskVolume4\Windows\System32
12937a0.3750: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
13037a0.3750: KnownDllPath: C:\windows\system32
13137a0.3750: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
13237a0.3750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
13337a0.3750: supR3HardNtEnableThreadCreation:
13437a0.3750: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcc59b6d50 pvNtTerminateThread=00007ffcc59e5b30
13537a0.3750: supR3HardenedWinDoReSpawn(1): New child a7c.3594 [kernel32].
13637a0.3750: supR3HardNtChildGatherData: PebBaseAddress=0000000000292000 cbPeb=0x388
13737a0.3750: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffcc5940000 uNtDllChildAddr=00007ffcc5940000
13837a0.3750: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffcc59b6d50
13937a0.3750: supR3HardenedWinSetupChildInit: Start child.
14037a0.3750: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
14137a0.3750: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 33 sleeps
14237a0.3750: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
14337a0.3750: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
14437a0.3750: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
14537a0.3750: *0000000000030000-000000000001afff 0x0002/0x0002 0x0040000
14637a0.3750: 0000000000045000-0000000000039fff 0x0001/0x0000 0x0000000
14737a0.3750: *0000000000050000-fffffffffff54fff 0x0000/0x0004 0x0020000
14837a0.3750: 000000000014b000-0000000000147fff 0x0104/0x0004 0x0020000
14937a0.3750: 000000000014e000-000000000014bfff 0x0004/0x0004 0x0020000
15037a0.3750: *0000000000150000-000000000014bfff 0x0002/0x0002 0x0040000
15137a0.3750: 0000000000154000-0000000000147fff 0x0001/0x0000 0x0000000
15237a0.3750: *0000000000160000-000000000015dfff 0x0004/0x0004 0x0020000
15337a0.3750: 0000000000162000-00000000000c3fff 0x0001/0x0000 0x0000000
15437a0.3750: *0000000000200000-000000000016dfff 0x0000/0x0004 0x0020000
15537a0.3750: 0000000000292000-000000000028efff 0x0004/0x0004 0x0020000
15637a0.3750: 0000000000295000-0000000000129fff 0x0000/0x0004 0x0020000
15737a0.3750: 0000000000400000-ffffffff8081ffff 0x0001/0x0000 0x0000000
15837a0.3750: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
15937a0.3750: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
16037a0.3750: 000000007fff0000-ffff800af3a9ffff 0x0001/0x0000 0x0000000
16137a0.3750: *00007ff60c540000-00007ff60c51cfff 0x0002/0x0002 0x0040000
16237a0.3750: 00007ff60c563000-00007ff60bed5fff 0x0001/0x0000 0x0000000
16337a0.3750: *00007ff60cbf0000-00007ff60cbf0fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
16437a0.3750: 00007ff60cbf1000-00007ff60cc5ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
16537a0.3750: 00007ff60cc60000-00007ff60cc60fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
16637a0.3750: 00007ff60cc61000-00007ff60cca5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
16737a0.3750: 00007ff60cca6000-00007ff60cca6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
16837a0.3750: 00007ff60cca7000-00007ff60cca7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
16937a0.3750: 00007ff60cca8000-00007ff60ccacfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
17037a0.3750: 00007ff60ccad000-00007ff60ccadfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
17137a0.3750: 00007ff60ccae000-00007ff60ccaefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
17237a0.3750: 00007ff60ccaf000-00007ff60ccb2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
17337a0.3750: 00007ff60ccb3000-00007ff60ccfafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
17437a0.3750: 00007ff60ccfb000-00007ff60ccf5fff 0x0001/0x0000 0x0000000
17537a0.3750: *00007ff60cd00000-00007ff60ccfefff 0x0040/0x0040 0x0020000 !!
17637a0.3750: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ff60cd00000 (LB 0x1000, 00007ff60cd00000 LB 0x1000)
17737a0.3750: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ff60cd00000/00007ff60cd00000 LB 0/0x1000]
17837a0.3750: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ff60cd00000 LB 0x6b8c40000 s=0x10000 ap=0x0 rp=0xe9c9929c00000001
17937a0.3750: 00007ff60cd01000-00007fef540c1fff 0x0001/0x0000 0x0000000
18037a0.3750: *00007ffcc5940000-00007ffcc5940fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18137a0.3750: 00007ffcc5941000-00007ffcc5a3dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18237a0.3750: 00007ffcc5a3e000-00007ffcc5a7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18337a0.3750: 00007ffcc5a7f000-00007ffcc5a87fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18437a0.3750: 00007ffcc5a88000-00007ffcc5a94fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18537a0.3750: 00007ffcc5a95000-00007ffcc5a95fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18637a0.3750: 00007ffcc5a96000-00007ffcc5a98fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18737a0.3750: 00007ffcc5a99000-00007ffcc5b00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
18837a0.3750: 00007ffcc5b01000-00007ff98b621fff 0x0001/0x0000 0x0000000
18937a0.3750: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
19037a0.3750: VirtualBox.exe: timestamp 0x57d820fc (rc=VINF_SUCCESS)
19137a0.3750: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
19237a0.3750: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
19337a0.3750: 00007ff60cbf0172 / 0x0000172: 00 != 11
19437a0.3750: 00007ff60cbf0174 / 0x0000174: 00 != 14
19537a0.3750: Restored 0x400 bytes of original file content at 00007ff60cbf0000
19637a0.3750: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
19737a0.3750: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x3
19837a0.3750: supR3HardNtChildPurify: Startup delay kludge #1/1: 523 ms, 34 sleeps
19937a0.3750: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
20037a0.3750: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
20137a0.3750: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
20237a0.3750: *0000000000030000-000000000001afff 0x0002/0x0002 0x0040000
20337a0.3750: 0000000000045000-0000000000039fff 0x0001/0x0000 0x0000000
20437a0.3750: *0000000000050000-fffffffffff54fff 0x0000/0x0004 0x0020000
20537a0.3750: 000000000014b000-0000000000147fff 0x0104/0x0004 0x0020000
20637a0.3750: 000000000014e000-000000000014bfff 0x0004/0x0004 0x0020000
20737a0.3750: *0000000000150000-000000000014bfff 0x0002/0x0002 0x0040000
20837a0.3750: 0000000000154000-0000000000147fff 0x0001/0x0000 0x0000000
20937a0.3750: *0000000000160000-000000000015dfff 0x0004/0x0004 0x0020000
21037a0.3750: 0000000000162000-00000000000c3fff 0x0001/0x0000 0x0000000
21137a0.3750: *0000000000200000-000000000016dfff 0x0000/0x0004 0x0020000
21237a0.3750: 0000000000292000-000000000028efff 0x0004/0x0004 0x0020000
21337a0.3750: 0000000000295000-0000000000129fff 0x0000/0x0004 0x0020000
21437a0.3750: 0000000000400000-ffffffff8081ffff 0x0001/0x0000 0x0000000
21537a0.3750: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
21637a0.3750: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
21737a0.3750: 000000007fff0000-ffff800af3a9ffff 0x0001/0x0000 0x0000000
21837a0.3750: *00007ff60c540000-00007ff60c51cfff 0x0002/0x0002 0x0040000
21937a0.3750: 00007ff60c563000-00007ff60bed5fff 0x0001/0x0000 0x0000000
22037a0.3750: *00007ff60cbf0000-00007ff60cbf0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
22137a0.3750: 00007ff60cbf1000-00007ff60cc5ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
22237a0.3750: 00007ff60cc60000-00007ff60cc60fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
22337a0.3750: 00007ff60cc61000-00007ff60cca5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
22437a0.3750: 00007ff60cca6000-00007ff60ccb2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
22537a0.3750: 00007ff60ccb3000-00007ff60ccfafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
22637a0.3750: 00007ff60ccfb000-00007fef540b5fff 0x0001/0x0000 0x0000000
22737a0.3750: *00007ffcc5940000-00007ffcc5940fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
22837a0.3750: 00007ffcc5941000-00007ffcc5a3dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
22937a0.3750: 00007ffcc5a3e000-00007ffcc5a7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
23037a0.3750: 00007ffcc5a7f000-00007ffcc5a82fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
23137a0.3750: 00007ffcc5a83000-00007ffcc5a87fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
23237a0.3750: 00007ffcc5a88000-00007ffcc5a94fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
23337a0.3750: 00007ffcc5a95000-00007ffcc5a95fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
23437a0.3750: 00007ffcc5a96000-00007ffcc5a98fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
23537a0.3750: 00007ffcc5a99000-00007ffcc5b00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
23637a0.3750: 00007ffcc5b01000-00007ff98b621fff 0x0001/0x0000 0x0000000
23737a0.3750: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
23837a0.3750: supR3HardNtChildPurify: Done after 1102 ms and 2 fixes (loop #1).
239a7c.3594: Log file opened: 5.1.7r110653 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0295a00
240a7c.3594: supR3HardenedVmProcessInit: uNtDllAddr=00007ffcc5940000 g_uNtVerCombined=0xa0295a00
24137a0.3750: supR3HardNtEnableThreadCreation:
242a7c.3594: ntdll.dll: timestamp 0x571af2eb (rc=VINF_SUCCESS)
243a7c.3594: New simple heap: #1 0000000000500000 LB 0x400000 (for 1839104 allocation)
244a7c.3594: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
245a7c.3594: System32: \Device\HarddiskVolume4\Windows\System32
246a7c.3594: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
247a7c.3594: KnownDllPath: C:\windows\system32
248a7c.3594: supR3HardenedVmProcessInit: Opening vboxdrv stub...
249a7c.3594: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
250a7c.3594: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
251a7c.3594: Registered Dll notification callback with NTDLL.
252a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
253a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
254a7c.3594: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
255a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc20e0000 LB 0x001e8000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
256a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
257a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
258a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc5830000 LB 0x000ad000 C:\windows\system32\KERNEL32.DLL [fFlags=0x0]
259a7c.3594: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
260a7c.3594: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc5830000 'C:\windows\system32\KERNEL32.DLL'
261a7c.3594: supR3HardenedDllNotificationCallback: load 00007ff60cbf0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
262a7c.3594: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
263a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
264a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
265a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
266a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
267a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dnsapi.dll'.
268a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll)
269a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll
270a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'...
271a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008]
272a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'ws2_32.dll'.
273a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'nsi.dll'.
274a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dnsapi.dll)
275a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dnsapi.dll
276a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
277a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
278a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
279a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #65 'user32.dll'.
280a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'gdi32.dll'.
281a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
282a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
283a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
284a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
285a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
286a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
287a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
288a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
289a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
290a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
291a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
292a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
293a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
294a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
295a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
296a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
297a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
298a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
299a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
300a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
301a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
302a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
303a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
304a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
305a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
306a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
307a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
308a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
309a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
310a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
311a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
312a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
313a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
314a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
315a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
316a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
317a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
318a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
319a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
320a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
321a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
322a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
323a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll)
324a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
325a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
326a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
327a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
328a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
329a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
330a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
331a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
332a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
333a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
334a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
335a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
336a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
337a7c.3594: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\QIPCAP64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
338a7c.3594: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
339a7c.3594: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
340a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc2d40000 LB 0x0009d000 C:\windows\system32\msvcrt.dll [fFlags=0x0]
341a7c.3594: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
342a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc3a80000 LB 0x0011c000 C:\windows\system32\RPCRT4.dll [fFlags=0x0]
343a7c.3594: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
344a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc3c80000 LB 0x0005b000 C:\windows\system32\sechost.dll [fFlags=0x0]
345a7c.3594: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
346a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc3070000 LB 0x000a7000 C:\windows\system32\ADVAPI32.dll [fFlags=0x0]
347a7c.3594: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
348a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc2390000 LB 0x00043000 C:\windows\system32\cfgmgr32.dll [fFlags=0x0]
349a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
350a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
351a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc2a30000 LB 0x0006a000 C:\windows\system32\bcryptPrimitives.dll [fFlags=0x0]
352a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
353a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
354a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc5570000 LB 0x0027d000 C:\windows\system32\combase.dll [fFlags=0x0]
355a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
356a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
357a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'bcryptprimitives.dll'.
358a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
359a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
360a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc2eb0000 LB 0x00156000 C:\windows\system32\USER32.dll [fFlags=0x0]
361a7c.3594: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
362a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc31f0000 LB 0x00186000 C:\windows\system32\GDI32.dll [fFlags=0x0]
363a7c.3594: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
364a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc3010000 LB 0x00052000 C:\windows\system32\shlwapi.dll [fFlags=0x0]
365a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
366a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'.
367a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
368a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
369a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
370a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc1fb0000 LB 0x0000f000 C:\windows\system32\kernel.appcore.dll [fFlags=0x0]
371a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'.
372a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
373a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
374a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
375a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc22d0000 LB 0x000b5000 C:\windows\system32\shcore.dll [fFlags=0x0]
376a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
377a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
378a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
379a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
380a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
381a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc1f60000 LB 0x0004b000 C:\windows\system32\powrprof.dll [fFlags=0x0]
382a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
383a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
384a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
385a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
386a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc1fc0000 LB 0x00014000 C:\windows\system32\profapi.dll [fFlags=0x0]
387a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
388a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
389a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc23e0000 LB 0x00644000 C:\windows\system32\windows.storage.dll [fFlags=0x0]
390a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
391a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
392a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'combase.dll'.
393a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'profapi.dll'.
394a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
395a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
396a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc3e90000 LB 0x0155c000 C:\windows\system32\SHELL32.dll [fFlags=0x0]
397a7c.3594: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
398a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc3c00000 LB 0x0006b000 C:\windows\system32\WS2_32.dll [fFlags=0x0]
399a7c.3594: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll [lacks WinVerifyTrust]
400a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc3c70000 LB 0x00008000 C:\windows\system32\NSI.dll [fFlags=0x0]
401a7c.3594: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
402a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc08a0000 LB 0x000aa000 C:\windows\SYSTEM32\DNSAPI.dll [fFlags=0x0]
403a7c.3594: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
404a7c.3594: supR3HardenedDllNotificationCallback: load 0000000068000000 LB 0x00057000 C:\windows\System32\QIPCAP64.dll [fFlags=0x0]
405a7c.3594: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
406a7c.3594: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
407a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
408a7c.3594: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
409a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
410a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
411a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
412a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
413a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
414a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll [lacks WinVerifyTrust]
415a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
416a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
417a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
418a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
419a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
420a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
421a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
422a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
423a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
424a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
425a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
426a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
427a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
428a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
429a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
430a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
431a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
432a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
433a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
434a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
435a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
436a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
437a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
438a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
439a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
440a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
441a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
442a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
443a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
444a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
445a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
446a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
447a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
448a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
449a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
450a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
451a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
452a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
453a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
454a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
455a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
456a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
457a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
458a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
459a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
460a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
461a7c.3594: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
462a7c.3594: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
463a7c.3594: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
464a7c.3594: supR3HardenedDllNotificationCallback: load 00007ffcc57f0000 LB 0x0003b000 C:\windows\system32\IMM32.DLL [fFlags=0x0]
465a7c.3594: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust]
466a7c.3594: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc57f0000 'C:\windows\system32\IMM32.DLL'
467a7c.3594: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000068000000 'C:\windows\System32\QIPCAP64.dll'
468a7c.3594: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcc59b6d50 pvNtTerminateThread=00007ffcc59e5b30
46937a0.3750: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 783 ms.
470a7c.3594: \SystemRoot\System32\ntdll.dll:
471a7c.3594: CreationTime: 2016-09-09T17:21:38.058509900Z
472a7c.3594: LastWriteTime: 2016-09-09T17:21:38.063168700Z
473a7c.3594: ChangeTime: 2016-09-09T17:22:43.211575200Z
474a7c.3594: FileAttributes: 0x20
475a7c.3594: Size: 0x1bc248
476a7c.3594: NT Headers: 0xe0
477a7c.3594: Timestamp: 0x571af2eb
478a7c.3594: Machine: 0x8664 - amd64
479a7c.3594: Timestamp: 0x571af2eb
480a7c.3594: Image Version: 10.0
481a7c.3594: SizeOfImage: 0x1c1000 (1839104)
482a7c.3594: Resource Dir: 0x159000 LB 0x66218
483a7c.3594: ProductName: Microsoft® Windows® Operating System
484a7c.3594: ProductVersion: 10.0.10586.306
485a7c.3594: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
486a7c.3594: FileDescription: NT Layer DLL
487a7c.3594: \SystemRoot\System32\kernel32.dll:
488a7c.3594: CreationTime: 2015-10-30T07:17:46.221743200Z
489a7c.3594: LastWriteTime: 2015-10-30T07:17:46.221743200Z
490a7c.3594: ChangeTime: 2016-09-09T17:24:15.594130300Z
491a7c.3594: FileAttributes: 0x20
492a7c.3594: Size: 0xac430
493a7c.3594: NT Headers: 0xf0
494a7c.3594: Timestamp: 0x5632d5aa
495a7c.3594: Machine: 0x8664 - amd64
496a7c.3594: Timestamp: 0x5632d5aa
497a7c.3594: Image Version: 10.0
498a7c.3594: SizeOfImage: 0xad000 (708608)
499a7c.3594: Resource Dir: 0xab000 LB 0x528
500a7c.3594: ProductName: Microsoft® Windows® Operating System
501a7c.3594: ProductVersion: 10.0.10586.0
502a7c.3594: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
503a7c.3594: FileDescription: Windows NT BASE API Client DLL
504a7c.3594: \SystemRoot\System32\KernelBase.dll:
505a7c.3594: CreationTime: 2016-09-09T17:21:34.647183800Z
506a7c.3594: LastWriteTime: 2016-09-09T17:21:34.647183800Z
507a7c.3594: ChangeTime: 2016-09-09T17:24:15.792368800Z
508a7c.3594: FileAttributes: 0x20
509a7c.3594: Size: 0x1e7a10
510a7c.3594: NT Headers: 0xf0
511a7c.3594: Timestamp: 0x571af331
512a7c.3594: Machine: 0x8664 - amd64
513a7c.3594: Timestamp: 0x571af331
514a7c.3594: Image Version: 10.0
515a7c.3594: SizeOfImage: 0x1e8000 (1998848)
516a7c.3594: Resource Dir: 0x1d1000 LB 0x548
517a7c.3594: ProductName: Microsoft® Windows® Operating System
518a7c.3594: ProductVersion: 10.0.10586.306
519a7c.3594: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
520a7c.3594: FileDescription: Windows NT BASE API Client DLL
521a7c.3594: \SystemRoot\System32\apisetschema.dll:
522a7c.3594: CreationTime: 2015-10-30T07:17:57.502957900Z
523a7c.3594: LastWriteTime: 2015-10-30T07:17:57.502957900Z
524a7c.3594: ChangeTime: 2016-09-09T17:13:57.320840700Z
525a7c.3594: FileAttributes: 0x20
526a7c.3594: Size: 0x16d60
527a7c.3594: NT Headers: 0xc8
528a7c.3594: Timestamp: 0x5632d94c
529a7c.3594: Machine: 0x8664 - amd64
530a7c.3594: Timestamp: 0x5632d94c
531a7c.3594: Image Version: 10.0
532a7c.3594: SizeOfImage: 0x18000 (98304)
533a7c.3594: Resource Dir: 0x17000 LB 0x400
534a7c.3594: ProductName: Microsoft® Windows® Operating System
535a7c.3594: ProductVersion: 10.0.10586.0
536a7c.3594: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
537a7c.3594: FileDescription: ApiSet Schema DLL
538a7c.3594: NtOpenDirectoryObject failed on \Driver: 0xc0000022
539a7c.3594: supR3HardenedWinFindAdversaries: 0x3
540a7c.3594: \SystemRoot\System32\drivers\SysPlant.sys:
541a7c.3594: CreationTime: 2016-09-09T08:57:35.739428500Z
542a7c.3594: LastWriteTime: 2016-09-09T08:57:35.755076200Z
543a7c.3594: ChangeTime: 2016-09-09T08:57:35.755076200Z
544a7c.3594: FileAttributes: 0x20
545a7c.3594: Size: 0x28fb0
546a7c.3594: NT Headers: 0xf0
547a7c.3594: Timestamp: 0x56dd2c89
548a7c.3594: Machine: 0x8664 - amd64
549a7c.3594: Timestamp: 0x56dd2c89
550a7c.3594: Image Version: 5.0
551a7c.3594: SizeOfImage: 0x2f000 (192512)
552a7c.3594: Resource Dir: 0x2d000 LB 0x498
553a7c.3594: ProductName: Symantec CMC Firewall
554a7c.3594: ProductVersion: 12.1.6860.6400
555a7c.3594: FileVersion: 12.1.6860.6400
556a7c.3594: FileDescription: Symantec CMC Firewall SysPlant
557a7c.3594: \SystemRoot\System32\sysfer.dll:
558a7c.3594: CreationTime: 2016-09-09T08:57:35.692577200Z
559a7c.3594: LastWriteTime: 2016-09-09T08:57:35.723824400Z
560a7c.3594: ChangeTime: 2016-09-09T08:57:35.723824400Z
561a7c.3594: FileAttributes: 0x20
562a7c.3594: Size: 0x71c70
563a7c.3594: NT Headers: 0xe8
564a7c.3594: Timestamp: 0x56dd2c96
565a7c.3594: Machine: 0x8664 - amd64
566a7c.3594: Timestamp: 0x56dd2c96
567a7c.3594: Image Version: 0.0
568a7c.3594: SizeOfImage: 0x89000 (561152)
569a7c.3594: Resource Dir: 0x87000 LB 0x630
570a7c.3594: ProductName: Symantec CMC Firewall
571a7c.3594: ProductVersion: 12.1.6860.6400
572a7c.3594: FileVersion: 12.1.6860.6400
573a7c.3594: FileDescription: Symantec CMC Firewall sysfer
574a7c.3594: \SystemRoot\System32\drivers\symevent64x86.sys:
575a7c.3594: CreationTime: 2016-09-09T08:59:06.378846200Z
576a7c.3594: LastWriteTime: 2016-09-09T08:59:06.285088500Z
577a7c.3594: ChangeTime: 2016-09-09T08:59:06.285088500Z
578a7c.3594: FileAttributes: 0x20
579a7c.3594: Size: 0x2b8d8
580a7c.3594: NT Headers: 0xe8
581a7c.3594: Timestamp: 0x54b87d44
582a7c.3594: Machine: 0x8664 - amd64
583a7c.3594: Timestamp: 0x54b87d44
584a7c.3594: Image Version: 6.0
585a7c.3594: SizeOfImage: 0x38000 (229376)
586a7c.3594: Resource Dir: 0x36000 LB 0x3c8
587a7c.3594: ProductName: SYMEVENT
588a7c.3594: ProductVersion: 12.9.6.12
589a7c.3594: FileVersion: 12.9.6.12
590a7c.3594: FileDescription: Symantec Event Library
591a7c.3594: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
592a7c.3594: Calling main()
593a7c.3594: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
594a7c.3594: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
595a7c.3594: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
596a7c.3594: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
597a7c.3594: SUPR3HardenedMain: Respawn #2
598a7c.3594: supR3HardNtEnableThreadCreation:
599a7c.3594: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcc59b6d50 pvNtTerminateThread=00007ffcc59e5b30
600a7c.3594: supR3HardenedWinDoReSpawn(2): New child 2850.1fe8 [kernel32].
601a7c.3594: supR3HardNtChildGatherData: PebBaseAddress=00000000003ad000 cbPeb=0x388
602a7c.3594: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffcc5940000 uNtDllChildAddr=00007ffcc5940000
603a7c.3594: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffcc59b6d50
604a7c.3594: supR3HardenedWinSetupChildInit: Start child.
605a7c.3594: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
606a7c.3594: supR3HardNtChildPurify: Startup delay kludge #1/0: 517 ms, 34 sleeps
607a7c.3594: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
608a7c.3594: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
609a7c.3594: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
610a7c.3594: *0000000000030000-000000000001afff 0x0002/0x0002 0x0040000
611a7c.3594: 0000000000045000-0000000000039fff 0x0001/0x0000 0x0000000
612a7c.3594: *0000000000050000-fffffffffff54fff 0x0000/0x0004 0x0020000
613a7c.3594: 000000000014b000-0000000000147fff 0x0104/0x0004 0x0020000
614a7c.3594: 000000000014e000-000000000014bfff 0x0004/0x0004 0x0020000
615a7c.3594: *0000000000150000-000000000014bfff 0x0002/0x0002 0x0040000
616a7c.3594: 0000000000154000-0000000000147fff 0x0001/0x0000 0x0000000
617a7c.3594: *0000000000160000-000000000015dfff 0x0004/0x0004 0x0020000
618a7c.3594: 0000000000162000-00000000000c3fff 0x0001/0x0000 0x0000000
619a7c.3594: *0000000000200000-0000000000052fff 0x0000/0x0004 0x0020000
620a7c.3594: 00000000003ad000-00000000003a9fff 0x0004/0x0004 0x0020000
621a7c.3594: 00000000003b0000-000000000035ffff 0x0000/0x0004 0x0020000
622a7c.3594: 0000000000400000-ffffffff8081ffff 0x0001/0x0000 0x0000000
623a7c.3594: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
624a7c.3594: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
625a7c.3594: 000000007fff0000-ffff800af410ffff 0x0001/0x0000 0x0000000
626a7c.3594: *00007ff60bed0000-00007ff60beacfff 0x0002/0x0002 0x0040000
627a7c.3594: 00007ff60bef3000-00007ff60b1f5fff 0x0001/0x0000 0x0000000
628a7c.3594: *00007ff60cbf0000-00007ff60cbf0fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
629a7c.3594: 00007ff60cbf1000-00007ff60cc5ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
630a7c.3594: 00007ff60cc60000-00007ff60cc60fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
631a7c.3594: 00007ff60cc61000-00007ff60cca5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
632a7c.3594: 00007ff60cca6000-00007ff60cca6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
633a7c.3594: 00007ff60cca7000-00007ff60cca7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
634a7c.3594: 00007ff60cca8000-00007ff60ccacfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
635a7c.3594: 00007ff60ccad000-00007ff60ccadfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
636a7c.3594: 00007ff60ccae000-00007ff60ccaefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
637a7c.3594: 00007ff60ccaf000-00007ff60ccb2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
638a7c.3594: 00007ff60ccb3000-00007ff60ccfafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
639a7c.3594: 00007ff60ccfb000-00007ff60ccf5fff 0x0001/0x0000 0x0000000
640a7c.3594: *00007ff60cd00000-00007ff60ccfefff 0x0040/0x0040 0x0020000 !!
641a7c.3594: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ff60cd00000 (LB 0x1000, 00007ff60cd00000 LB 0x1000)
642a7c.3594: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ff60cd00000/00007ff60cd00000 LB 0/0x1000]
643a7c.3594: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ff60cd00000 LB 0x6b8c40000 s=0x10000 ap=0x0 rp=0xe9c9929c00000001
644a7c.3594: 00007ff60cd01000-00007fef540c1fff 0x0001/0x0000 0x0000000
645a7c.3594: *00007ffcc5940000-00007ffcc5940fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
646a7c.3594: 00007ffcc5941000-00007ffcc5a3dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
647a7c.3594: 00007ffcc5a3e000-00007ffcc5a7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
648a7c.3594: 00007ffcc5a7f000-00007ffcc5a87fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
649a7c.3594: 00007ffcc5a88000-00007ffcc5a94fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
650a7c.3594: 00007ffcc5a95000-00007ffcc5a95fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
651a7c.3594: 00007ffcc5a96000-00007ffcc5a98fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
652a7c.3594: 00007ffcc5a99000-00007ffcc5b00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
653a7c.3594: 00007ffcc5b01000-00007ff98b621fff 0x0001/0x0000 0x0000000
654a7c.3594: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
655a7c.3594: VirtualBox.exe: timestamp 0x57d820fc (rc=VINF_SUCCESS)
656a7c.3594: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
657a7c.3594: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
658a7c.3594: 00007ff60cbf0172 / 0x0000172: 00 != 11
659a7c.3594: 00007ff60cbf0174 / 0x0000174: 00 != 14
660a7c.3594: Restored 0x400 bytes of original file content at 00007ff60cbf0000
661a7c.3594: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
662a7c.3594: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x3
663a7c.3594: supR3HardNtChildPurify: Startup delay kludge #1/1: 516 ms, 34 sleeps
664a7c.3594: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
665a7c.3594: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
666a7c.3594: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
667a7c.3594: *0000000000030000-000000000001afff 0x0002/0x0002 0x0040000
668a7c.3594: 0000000000045000-0000000000039fff 0x0001/0x0000 0x0000000
669a7c.3594: *0000000000050000-fffffffffff54fff 0x0000/0x0004 0x0020000
670a7c.3594: 000000000014b000-0000000000147fff 0x0104/0x0004 0x0020000
671a7c.3594: 000000000014e000-000000000014bfff 0x0004/0x0004 0x0020000
672a7c.3594: *0000000000150000-000000000014bfff 0x0002/0x0002 0x0040000
673a7c.3594: 0000000000154000-0000000000147fff 0x0001/0x0000 0x0000000
674a7c.3594: *0000000000160000-000000000015dfff 0x0004/0x0004 0x0020000
675a7c.3594: 0000000000162000-00000000000c3fff 0x0001/0x0000 0x0000000
676a7c.3594: *0000000000200000-0000000000052fff 0x0000/0x0004 0x0020000
677a7c.3594: 00000000003ad000-00000000003a9fff 0x0004/0x0004 0x0020000
678a7c.3594: 00000000003b0000-000000000035ffff 0x0000/0x0004 0x0020000
679a7c.3594: 0000000000400000-ffffffff8081ffff 0x0001/0x0000 0x0000000
680a7c.3594: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
681a7c.3594: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
682a7c.3594: 000000007fff0000-ffff800af410ffff 0x0001/0x0000 0x0000000
683a7c.3594: *00007ff60bed0000-00007ff60beacfff 0x0002/0x0002 0x0040000
684a7c.3594: 00007ff60bef3000-00007ff60b1f5fff 0x0001/0x0000 0x0000000
685a7c.3594: *00007ff60cbf0000-00007ff60cbf0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
686a7c.3594: 00007ff60cbf1000-00007ff60cc5ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
687a7c.3594: 00007ff60cc60000-00007ff60cc60fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
688a7c.3594: 00007ff60cc61000-00007ff60cca5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
689a7c.3594: 00007ff60cca6000-00007ff60ccb2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
690a7c.3594: 00007ff60ccb3000-00007ff60ccfafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
691a7c.3594: 00007ff60ccfb000-00007fef540b5fff 0x0001/0x0000 0x0000000
692a7c.3594: *00007ffcc5940000-00007ffcc5940fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
693a7c.3594: 00007ffcc5941000-00007ffcc5a3dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
694a7c.3594: 00007ffcc5a3e000-00007ffcc5a7efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
695a7c.3594: 00007ffcc5a7f000-00007ffcc5a82fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
696a7c.3594: 00007ffcc5a83000-00007ffcc5a87fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
697a7c.3594: 00007ffcc5a88000-00007ffcc5a94fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
698a7c.3594: 00007ffcc5a95000-00007ffcc5a95fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
699a7c.3594: 00007ffcc5a96000-00007ffcc5a98fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
700a7c.3594: 00007ffcc5a99000-00007ffcc5b00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
701a7c.3594: 00007ffcc5b01000-00007ff98b621fff 0x0001/0x0000 0x0000000
702a7c.3594: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
703a7c.3594: supR3HardNtChildPurify: Done after 1174 ms and 2 fixes (loop #1).
7042850.1fe8: Log file opened: 5.1.7r110653 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0295a00
7052850.1fe8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffcc5940000 g_uNtVerCombined=0xa0295a00
706a7c.3594: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000500000 LB 0x400000)
7072850.1fe8: ntdll.dll: timestamp 0x571af2eb (rc=VINF_SUCCESS)
7082850.1fe8: New simple heap: #1 0000000000500000 LB 0x400000 (for 1839104 allocation)
709a7c.3594: supR3HardNtEnableThreadCreation:
7102850.1fe8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
7112850.1fe8: System32: \Device\HarddiskVolume4\Windows\System32
7122850.1fe8: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
7132850.1fe8: KnownDllPath: C:\windows\system32
7142850.1fe8: supR3HardenedVmProcessInit: Opening vboxdrv...
7152850.1fe8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
7162850.1fe8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
7172850.1fe8: Registered Dll notification callback with NTDLL.
7182850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
7192850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
7202850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
7212850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc20e0000 LB 0x001e8000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
7222850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
7232850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
7242850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc5830000 LB 0x000ad000 C:\windows\system32\KERNEL32.DLL [fFlags=0x0]
7252850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7262850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc5830000 'C:\windows\system32\KERNEL32.DLL'
7272850.1fe8: supR3HardenedDllNotificationCallback: load 00007ff60cbf0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
7282850.1fe8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
7292850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
7302850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
7312850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
7322850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
7332850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dnsapi.dll'.
7342850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll)
7352850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll
7362850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'...
7372850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008]
7382850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'ws2_32.dll'.
7392850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'nsi.dll'.
7402850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dnsapi.dll)
7412850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dnsapi.dll
7422850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
7432850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
7442850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7452850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #65 'user32.dll'.
7462850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'gdi32.dll'.
7472850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
7482850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
7492850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
7502850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
7512850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7522850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
7532850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
7542850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
7552850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
7562850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7572850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7582850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
7592850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
7602850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
7612850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
7622850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
7632850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
7642850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
7652850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7662850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7672850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
7682850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
7692850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7702850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7712850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
7722850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
7732850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
7742850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7752850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7762850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
7772850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
7782850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
7792850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7802850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7812850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7822850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
7832850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
7842850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
7852850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
7862850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
7872850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
7882850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
7892850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll)
7902850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
7912850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7922850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7932850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7942850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7952850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7962850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7972850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7982850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7992850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
8002850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8012850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8022850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8032850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\QIPCAP64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8042850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
8052850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
8062850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc2d40000 LB 0x0009d000 C:\windows\system32\msvcrt.dll [fFlags=0x0]
8072850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8082850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc3a80000 LB 0x0011c000 C:\windows\system32\RPCRT4.dll [fFlags=0x0]
8092850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8102850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc3c80000 LB 0x0005b000 C:\windows\system32\sechost.dll [fFlags=0x0]
8112850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
8122850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc3070000 LB 0x000a7000 C:\windows\system32\ADVAPI32.dll [fFlags=0x0]
8132850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
8142850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc2390000 LB 0x00043000 C:\windows\system32\cfgmgr32.dll [fFlags=0x0]
8152850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
8162850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
8172850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc2a30000 LB 0x0006a000 C:\windows\system32\bcryptPrimitives.dll [fFlags=0x0]
8182850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
8192850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
8202850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc5570000 LB 0x0027d000 C:\windows\system32\combase.dll [fFlags=0x0]
8212850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8222850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
8232850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'bcryptprimitives.dll'.
8242850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
8252850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
8262850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc2eb0000 LB 0x00156000 C:\windows\system32\USER32.dll [fFlags=0x0]
8272850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
8282850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc31f0000 LB 0x00186000 C:\windows\system32\GDI32.dll [fFlags=0x0]
8292850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8302850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc3010000 LB 0x00052000 C:\windows\system32\shlwapi.dll [fFlags=0x0]
8312850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
8322850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'.
8332850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
8342850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
8352850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
8362850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc1fb0000 LB 0x0000f000 C:\windows\system32\kernel.appcore.dll [fFlags=0x0]
8372850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'.
8382850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
8392850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
8402850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
8412850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc22d0000 LB 0x000b5000 C:\windows\system32\shcore.dll [fFlags=0x0]
8422850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8432850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
8442850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
8452850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
8462850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
8472850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc1f60000 LB 0x0004b000 C:\windows\system32\powrprof.dll [fFlags=0x0]
8482850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8492850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
8502850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
8512850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
8522850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc1fc0000 LB 0x00014000 C:\windows\system32\profapi.dll [fFlags=0x0]
8532850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
8542850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
8552850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc23e0000 LB 0x00644000 C:\windows\system32\windows.storage.dll [fFlags=0x0]
8562850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8572850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
8582850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'combase.dll'.
8592850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'profapi.dll'.
8602850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
8612850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
8622850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc3e90000 LB 0x0155c000 C:\windows\system32\SHELL32.dll [fFlags=0x0]
8632850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
8642850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc3c00000 LB 0x0006b000 C:\windows\system32\WS2_32.dll [fFlags=0x0]
8652850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll [lacks WinVerifyTrust]
8662850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc3c70000 LB 0x00008000 C:\windows\system32\NSI.dll [fFlags=0x0]
8672850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
8682850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc08a0000 LB 0x000aa000 C:\windows\SYSTEM32\DNSAPI.dll [fFlags=0x0]
8692850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
8702850.1fe8: supR3HardenedDllNotificationCallback: load 0000000068000000 LB 0x00057000 C:\windows\System32\QIPCAP64.dll [fFlags=0x0]
8712850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
8722850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
8732850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
8742850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
8752850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
8762850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
8772850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
8782850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
8792850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
8802850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll [lacks WinVerifyTrust]
8812850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
8822850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
8832850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
8842850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8852850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8862850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8872850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8882850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8892850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8902850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8912850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8922850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8932850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8942850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8952850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8962850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
8972850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
8982850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
8992850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9002850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9012850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9022850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9032850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9042850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9052850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9062850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9072850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9082850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9092850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9102850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9112850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9122850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9132850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
9142850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9152850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9162850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9172850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9182850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9192850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9202850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
9212850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
9222850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
9232850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9242850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9252850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9262850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9272850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9282850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9292850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
9302850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc57f0000 LB 0x0003b000 C:\windows\system32\IMM32.DLL [fFlags=0x0]
9312850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust]
9322850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc57f0000 'C:\windows\system32\IMM32.DLL'
9332850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000068000000 'C:\windows\System32\QIPCAP64.dll'
9342850.1fe8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcc59b6d50 pvNtTerminateThread=00007ffcc59e5b30
935a7c.3594: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 567 ms.
9362850.1fe8: \SystemRoot\System32\ntdll.dll:
9372850.1fe8: CreationTime: 2016-09-09T17:21:38.058509900Z
9382850.1fe8: LastWriteTime: 2016-09-09T17:21:38.063168700Z
9392850.1fe8: ChangeTime: 2016-09-09T17:22:43.211575200Z
9402850.1fe8: FileAttributes: 0x20
9412850.1fe8: Size: 0x1bc248
9422850.1fe8: NT Headers: 0xe0
9432850.1fe8: Timestamp: 0x571af2eb
9442850.1fe8: Machine: 0x8664 - amd64
9452850.1fe8: Timestamp: 0x571af2eb
9462850.1fe8: Image Version: 10.0
9472850.1fe8: SizeOfImage: 0x1c1000 (1839104)
9482850.1fe8: Resource Dir: 0x159000 LB 0x66218
9492850.1fe8: ProductName: Microsoft® Windows® Operating System
9502850.1fe8: ProductVersion: 10.0.10586.306
9512850.1fe8: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
9522850.1fe8: FileDescription: NT Layer DLL
9532850.1fe8: \SystemRoot\System32\kernel32.dll:
9542850.1fe8: CreationTime: 2015-10-30T07:17:46.221743200Z
9552850.1fe8: LastWriteTime: 2015-10-30T07:17:46.221743200Z
9562850.1fe8: ChangeTime: 2016-09-09T17:24:15.594130300Z
9572850.1fe8: FileAttributes: 0x20
9582850.1fe8: Size: 0xac430
9592850.1fe8: NT Headers: 0xf0
9602850.1fe8: Timestamp: 0x5632d5aa
9612850.1fe8: Machine: 0x8664 - amd64
9622850.1fe8: Timestamp: 0x5632d5aa
9632850.1fe8: Image Version: 10.0
9642850.1fe8: SizeOfImage: 0xad000 (708608)
9652850.1fe8: Resource Dir: 0xab000 LB 0x528
9662850.1fe8: ProductName: Microsoft® Windows® Operating System
9672850.1fe8: ProductVersion: 10.0.10586.0
9682850.1fe8: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
9692850.1fe8: FileDescription: Windows NT BASE API Client DLL
9702850.1fe8: \SystemRoot\System32\KernelBase.dll:
9712850.1fe8: CreationTime: 2016-09-09T17:21:34.647183800Z
9722850.1fe8: LastWriteTime: 2016-09-09T17:21:34.647183800Z
9732850.1fe8: ChangeTime: 2016-09-09T17:24:15.792368800Z
9742850.1fe8: FileAttributes: 0x20
9752850.1fe8: Size: 0x1e7a10
9762850.1fe8: NT Headers: 0xf0
9772850.1fe8: Timestamp: 0x571af331
9782850.1fe8: Machine: 0x8664 - amd64
9792850.1fe8: Timestamp: 0x571af331
9802850.1fe8: Image Version: 10.0
9812850.1fe8: SizeOfImage: 0x1e8000 (1998848)
9822850.1fe8: Resource Dir: 0x1d1000 LB 0x548
9832850.1fe8: ProductName: Microsoft® Windows® Operating System
9842850.1fe8: ProductVersion: 10.0.10586.306
9852850.1fe8: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
9862850.1fe8: FileDescription: Windows NT BASE API Client DLL
9872850.1fe8: \SystemRoot\System32\apisetschema.dll:
9882850.1fe8: CreationTime: 2015-10-30T07:17:57.502957900Z
9892850.1fe8: LastWriteTime: 2015-10-30T07:17:57.502957900Z
9902850.1fe8: ChangeTime: 2016-09-09T17:13:57.320840700Z
9912850.1fe8: FileAttributes: 0x20
9922850.1fe8: Size: 0x16d60
9932850.1fe8: NT Headers: 0xc8
9942850.1fe8: Timestamp: 0x5632d94c
9952850.1fe8: Machine: 0x8664 - amd64
9962850.1fe8: Timestamp: 0x5632d94c
9972850.1fe8: Image Version: 10.0
9982850.1fe8: SizeOfImage: 0x18000 (98304)
9992850.1fe8: Resource Dir: 0x17000 LB 0x400
10002850.1fe8: ProductName: Microsoft® Windows® Operating System
10012850.1fe8: ProductVersion: 10.0.10586.0
10022850.1fe8: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
10032850.1fe8: FileDescription: ApiSet Schema DLL
10042850.1fe8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
10052850.1fe8: supR3HardenedWinFindAdversaries: 0x3
10062850.1fe8: \SystemRoot\System32\drivers\SysPlant.sys:
10072850.1fe8: CreationTime: 2016-09-09T08:57:35.739428500Z
10082850.1fe8: LastWriteTime: 2016-09-09T08:57:35.755076200Z
10092850.1fe8: ChangeTime: 2016-09-09T08:57:35.755076200Z
10102850.1fe8: FileAttributes: 0x20
10112850.1fe8: Size: 0x28fb0
10122850.1fe8: NT Headers: 0xf0
10132850.1fe8: Timestamp: 0x56dd2c89
10142850.1fe8: Machine: 0x8664 - amd64
10152850.1fe8: Timestamp: 0x56dd2c89
10162850.1fe8: Image Version: 5.0
10172850.1fe8: SizeOfImage: 0x2f000 (192512)
10182850.1fe8: Resource Dir: 0x2d000 LB 0x498
10192850.1fe8: ProductName: Symantec CMC Firewall
10202850.1fe8: ProductVersion: 12.1.6860.6400
10212850.1fe8: FileVersion: 12.1.6860.6400
10222850.1fe8: FileDescription: Symantec CMC Firewall SysPlant
10232850.1fe8: \SystemRoot\System32\sysfer.dll:
10242850.1fe8: CreationTime: 2016-09-09T08:57:35.692577200Z
10252850.1fe8: LastWriteTime: 2016-09-09T08:57:35.723824400Z
10262850.1fe8: ChangeTime: 2016-09-09T08:57:35.723824400Z
10272850.1fe8: FileAttributes: 0x20
10282850.1fe8: Size: 0x71c70
10292850.1fe8: NT Headers: 0xe8
10302850.1fe8: Timestamp: 0x56dd2c96
10312850.1fe8: Machine: 0x8664 - amd64
10322850.1fe8: Timestamp: 0x56dd2c96
10332850.1fe8: Image Version: 0.0
10342850.1fe8: SizeOfImage: 0x89000 (561152)
10352850.1fe8: Resource Dir: 0x87000 LB 0x630
10362850.1fe8: ProductName: Symantec CMC Firewall
10372850.1fe8: ProductVersion: 12.1.6860.6400
10382850.1fe8: FileVersion: 12.1.6860.6400
10392850.1fe8: FileDescription: Symantec CMC Firewall sysfer
10402850.1fe8: \SystemRoot\System32\drivers\symevent64x86.sys:
10412850.1fe8: CreationTime: 2016-09-09T08:59:06.378846200Z
10422850.1fe8: LastWriteTime: 2016-09-09T08:59:06.285088500Z
10432850.1fe8: ChangeTime: 2016-09-09T08:59:06.285088500Z
10442850.1fe8: FileAttributes: 0x20
10452850.1fe8: Size: 0x2b8d8
10462850.1fe8: NT Headers: 0xe8
10472850.1fe8: Timestamp: 0x54b87d44
10482850.1fe8: Machine: 0x8664 - amd64
10492850.1fe8: Timestamp: 0x54b87d44
10502850.1fe8: Image Version: 6.0
10512850.1fe8: SizeOfImage: 0x38000 (229376)
10522850.1fe8: Resource Dir: 0x36000 LB 0x3c8
10532850.1fe8: ProductName: SYMEVENT
10542850.1fe8: ProductVersion: 12.9.6.12
10552850.1fe8: FileVersion: 12.9.6.12
10562850.1fe8: FileDescription: Symantec Event Library
10572850.1fe8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
10582850.1fe8: Calling main()
10592850.1fe8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
10602850.1fe8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
10612850.1fe8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
10622850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
10632850.1fe8: SUPR3HardenedMain: Final process, opening VBoxDrv...
10642850.1fe8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000500000 LB 0x400000)
10652850.1fe8: supR3HardNtEnableThreadCreation:
10662850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
10672850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
10682850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10692850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10702850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcbf5a0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
10712850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10722850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10732850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10742850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcbf5a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
10752850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10762850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10772850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcbf5a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
10782850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcbf5a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
10792850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10802850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
10812850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
10822850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
10832850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
10842850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
10852850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10862850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10872850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10882850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
10892850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
10902850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10912850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
10922850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
10932850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
10942850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
10952850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
10962850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
10972850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
10982850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10992850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11002850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11012850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
11022850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
11032850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
11042850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11052850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11062850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11072850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
11082850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc1fe0000 LB 0x00010000 C:\windows\system32\MSASN1.dll [fFlags=0x0]
11092850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
11102850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc2ac0000 LB 0x001c8000 C:\windows\system32\CRYPT32.dll [fFlags=0x0]
11112850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11122850.1fe8: supR3HardenedDllNotificationCallback: load 0000000000500000 LB 0x00055000 C:\windows\system32\Wintrust.dll [fFlags=0x0]
11132850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11142850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000000500000 'C:\windows\system32\Wintrust.dll'
11152850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
11162850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
11172850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
11182850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11192850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc1df0000 LB 0x00029000 C:\windows\system32\bcrypt.dll [fFlags=0x0]
11202850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11212850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc1df0000 'C:\windows\system32\bcrypt.dll'
11222850.1fe8: bcrypt.dll loaded at 00007ffcc1df0000, BCryptOpenAlgorithmProvider at 00007ffcc1df3b50, preloading providers:
11232850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
11242850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11252850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2a30000 'C:\windows\system32\bcryptprimitives.dll'
11262850.1fe8: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000ab3f80)
11272850.1fe8: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000ab9700)
11282850.1fe8: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000abaf40)
11292850.1fe8: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000ab4dd0)
11302850.1fe8: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000ac4cc0)
11312850.1fe8: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000ac4f90)
11322850.1fe8: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000ac5260)
11332850.1fe8: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000aca9a0)
11342850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11352850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11362850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000000500000 'C:\Windows\System32\WINTRUST.DLL'
11372850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11382850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11392850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000000500000 'C:\Windows\System32\WINTRUST.DLL'
11402850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11412850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11422850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000000500000 'C:\Windows\System32\WINTRUST.DLL'
11432850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11442850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11452850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000000500000 'C:\Windows\System32\WINTRUST.DLL'
11462850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11472850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11482850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000000500000 'C:\Windows\System32\WINTRUST.DLL'
11492850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11502850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11512850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000000500000 'C:\Windows\System32\WINTRUST.DLL'
11522850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11532850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11542850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000000500000 'C:\Windows\System32\WINTRUST.DLL'
11552850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
11562850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
11572850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc1940000 LB 0x00017000 C:\windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
11582850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
11592850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
11602850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
11612850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
11622850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
11632850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
11642850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11652850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11662850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11672850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc15d0000 LB 0x00034000 C:\windows\system32\rsaenh.dll [fFlags=0x0]
11682850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11692850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
11702850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
11712850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
11722850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
11732850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc1a60000 LB 0x0000b000 C:\windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
11742850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
11752850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
11762850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
11772850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
11782850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
11792850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11802850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc5830000 'C:\windows\system32\kernel32.dll'
11812850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11822850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000000500000 'C:\Windows\System32\WINTRUST.DLL'
11832850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11842850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11852850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\CRYPT32.dll'
11862850.1fe8: supR3HardenedDllNotificationCallback: load 0000000000770000 LB 0x0001c000 C:\windows\system32\imagehlp.dll [fFlags=0x0]
11872850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11882850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
11892850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
11902850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11912850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11922850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11932850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11942850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11952850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
11962850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11972850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
11982850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
11992850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
12002850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc0e30000 LB 0x00024000 C:\windows\SYSTEM32\gpapi.dll [fFlags=0x0]
12012850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
12022850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12032850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
12042850.1fe8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
12052850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
12062850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
12072850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
12082850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12092850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12102850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12112850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12122850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12132850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12142850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12152850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12162850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12172850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12182850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12192850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12202850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcb7720000 LB 0x0002f000 C:\windows\system32\cryptnet.dll [fFlags=0x0]
12212850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12222850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12232850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
12242850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7720000 'C:\windows\system32\cryptnet.dll'
12252850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12262850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
12272850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7720000 'C:\windows\system32\cryptnet.dll'
12282850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12292850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
12302850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7720000 'C:\windows\system32\cryptnet.dll'
12312850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12322850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
12332850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7720000 'C:\windows\system32\cryptnet.dll'
12342850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12352850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
12362850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7720000 'C:\windows\system32\cryptnet.dll'
12372850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12382850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
12392850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7720000 'C:\windows\system32\cryptnet.dll'
12402850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12412850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7720000 'C:\windows\system32\cryptnet.dll'
12422850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12432850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7720000 'C:\windows\system32\cryptnet.dll'
12442850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12452850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7720000 'C:\windows\system32\cryptnet.dll'
12462850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12472850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7720000 'C:\windows\system32\cryptnet.dll'
12482850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12492850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7720000 'C:\windows\system32\cryptnet.dll'
12502850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7720000 'C:\windows\system32\cryptnet.dll'
12512850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12522850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7720000 'C:\Windows\System32\cryptnet.dll'
12532850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12542850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12552850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
12562850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12572850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12582850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
12592850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
12602850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000af8d20
12612850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000af8d20
12622850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=056BDD821FDC5EB443883F1928BBEC403ED3FC46
12632850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12642850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc3a80000 'C:\windows\system32\rpcrt4.dll'
12652850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12662850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000000500000 'C:\Windows\System32\WINTRUST.DLL'
12672850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12682850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000000500000 'C:\Windows\System32\WINTRUST.DLL'
12692850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12702850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000000500000 'C:\Windows\System32\WINTRUST.DLL'
12712850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12722850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000000500000 'C:\Windows\System32\WINTRUST.DLL'
12732850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12742850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000000500000 'C:\Windows\System32\WINTRUST.DLL'
12752850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12762850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000000500000 'C:\Windows\System32\WINTRUST.DLL'
12772850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12782850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12792850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000000500000 'C:\Windows\System32\WINTRUST.DLL'
12802850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12812850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12822850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
12832850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12842850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12852850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
12862850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1459_for_KB3156421~31bf3856ad364e35~amd64~~10.0.1.7.cat'; file='\SystemRoot\System32\ntdll.dll'
12872850.1fe8: g_pfnWinVerifyTrust=00000000005074d0
12882850.1fe8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
12892850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12902850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12912850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
12922850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12932850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12942850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
12952850.1fe8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
12962850.1fe8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
12972850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12982850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12992850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13002850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
13012850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13022850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13032850.1fe8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
13042850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
13052850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000af8d20
13062850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000af8d20
13072850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=357A4685FBBF5E8A1472AE56D4B122532A042630
13082850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13092850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13102850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13112850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13122850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
13132850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13142850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
13152850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13162850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13172850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13182850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
13192850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13202850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13212850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13222850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
13232850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13242850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13252850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13262850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
13272850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13282850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13292850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13302850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
13312850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13322850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13332850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
13342850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13352850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13362850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
13372850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13382850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
13392850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13402850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13412850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
13422850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
13432850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13442850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13452850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
13462850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13472850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13482850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
13492850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13502850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13512850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'
13522850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13532850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13542850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
13552850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13562850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13572850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'
13582850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13592850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13602850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
13612850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13622850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13632850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'
13642850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13652850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13662850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
13672850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13682850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13692850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
13702850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13712850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13722850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
13732850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13742850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13752850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
13762850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13772850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13782850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll'
13792850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13802850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13812850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll'
13822850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13832850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13842850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
13852850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13862850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13872850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
13882850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13892850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13902850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
13912850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
13922850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13932850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13942850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
13952850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13962850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
13972850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
13982850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
13992850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
14002850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
14012850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
14022850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
14032850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
14042850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
14052850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
14062850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll'
14072850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
14082850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
14092850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dnsapi.dll'
14102850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
14112850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll'
14122850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
14132850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
14142850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
14152850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
14162850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
14172850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
14182850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
14192850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
14202850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
14212850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x4e6f5b254adf3119 DC=com, DC=accenture, DC=svc, DC=dir, OU=People, CN=Accenture Root CA
14222850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
14232850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
14242850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
14252850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
14262850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
14272850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
14282850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0xb3935e08ff5e8300 C=US, ST=CA, L=LG, O=Websense, Inc., OU=Websense Endpoint, Email=support@websense.com, CN=Websense Public Primary Certificate Authority
14292850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
14302850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
14312850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
14322850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
14332850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
14342850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
14352850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
14362850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
14372850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
14382850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
14392850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
14402850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
14412850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
14422850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
14432850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
14442850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
14452850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
14462850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
14472850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
14482850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
14492850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
14502850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
14512850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
14522850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
14532850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
14542850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
14552850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
14562850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
14572850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
14582850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
14592850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
14602850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
14612850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
14622850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x4e6f5b254adf3119 DC=com, DC=accenture, DC=svc, DC=dir, OU=People, CN=Accenture Root CA
14632850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
14642850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
14652850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
14662850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x6b1d5e81c965198 L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 3 Policy Validation Authority, CN=http://www.valicert.com/, Email=info@valicert.com
14672850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
14682850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0xdd80d271558fb700 O=RSA Security Inc, OU=RSA Security 2048 V3
14692850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x4dff6e86067db400 C=US, O=Accenture, OU=IAM, CN=Accenture Internal Root CA
14702850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x4dff6e86067db400 C=US, O=Accenture, OU=IAM, CN=Accenture Internal Root CA
14712850.1fe8: supR3HardenedWinIsDesiredRootCA: Adding 0x4dff6e86067db400 C=US, O=Accenture, OU=IAM, CN=Accenture Internal Root CA
14722850.1fe8: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=51
14732850.1fe8: SUPR3HardenedMain: Load Runtime...
14742850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
14752850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
14762850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
14772850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
14782850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
14792850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
14802850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
14812850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14822850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14832850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
14842850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
14852850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
14862850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14872850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14882850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
14892850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
14902850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
14912850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
14922850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14932850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14942850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14952850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14962850.1fe8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14972850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
14982850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
14992850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
15002850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
15012850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
15022850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
15032850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
15042850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
15052850.1fe8: supR3HardenedDllNotificationCallback: load 0000000069d30000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
15062850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
15072850.1fe8: supR3HardenedDllNotificationCallback: load 000000006ae10000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
15082850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
15092850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffc84650000 LB 0x0051f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
15102850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
15112850.1fe8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15122850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15132850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
15142850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15152850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15162850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
15172850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15182850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15192850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
15202850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15212850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15222850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
15232850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15242850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15252850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
15262850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15272850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15282850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
15292850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15302850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15312850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15322850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15332850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15342850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15352850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15362850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15372850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15382850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
15392850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15402850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15412850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15422850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15432850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15442850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15452850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15462850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15472850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15482850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15492850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15502850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15512850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15522850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15532850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15542850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15552850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15562850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
15572850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15582850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15592850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15602850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15612850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84650000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15622850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000000500000 'C:\windows\system32\Wintrust.dll'
15632850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
15642850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
15652850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
15662850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
15672850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
15682850.1fe8: SUPR3HardenedMain: Load TrustedMain...
15692850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
15702850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
15712850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
15722850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
15732850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
15742850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
15752850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
15762850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
15772850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
15782850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
15792850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
15802850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
15812850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
15822850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
15832850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
15842850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
15852850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
15862850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
15872850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
15882850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
15892850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
15902850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
15912850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
15922850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
15932850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'.
15942850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
15952850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
15962850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
15972850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
15982850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15992850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16002850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
16012850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16022850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16032850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
16042850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
16052850.1fe8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
16062850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
16072850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
16082850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
16092850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16102850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16112850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
16122850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
16132850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16142850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
16152850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
16162850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
16172850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
16182850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16192850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16202850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16212850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16222850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
16232850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
16242850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
16252850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16262850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16272850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
16282850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
16292850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
16302850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
16312850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
16322850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
16332850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
16342850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
16352850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
16362850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
16372850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16382850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16392850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
16402850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16412850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16422850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
16432850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16442850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16452850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
16462850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
16472850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
16482850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
16492850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
16502850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
16512850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16522850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16532850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
16542850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16552850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16562850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
16572850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16582850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16592850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16602850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16612850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
16622850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
16632850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
16642850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
16652850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
16662850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
16672850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
16682850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
16692850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
16702850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16712850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16722850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
16732850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16742850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16752850.1fe8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
16762850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
16772850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
16782850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
16792850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
16802850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
16812850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
16822850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
16832850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
16842850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
16852850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16862850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16872850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16882850.1fe8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
16892850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
16902850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
16912850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
16922850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
16932850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp100.dll'.
16942850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
16952850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
16962850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16972850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16982850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16992850.1fe8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17002850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
17012850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
17022850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
17032850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
17042850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
17052850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
17062850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
17072850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
17082850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17092850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17102850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
17112850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17122850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17132850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
17142850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
17152850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
17162850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
17172850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
17182850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
17192850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
17202850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17212850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17222850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
17232850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17242850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17252850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
17262850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17272850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17282850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
17292850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17302850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17312850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
17322850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
17332850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
17342850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
17352850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17362850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17372850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17382850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17392850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
17402850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
17412850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
17422850.1fe8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
17432850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17442850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
17452850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
17462850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
17472850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
17482850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
17492850.1fe8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
17502850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
17512850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17522850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17532850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
17542850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17552850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17562850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
17572850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
17582850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
17592850.1fe8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
17602850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll)
17612850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll
17622850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
17632850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
17642850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
17652850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17662850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17672850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
17682850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17692850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17702850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
17712850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17722850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17732850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
17742850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17752850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17762850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17772850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17782850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
17792850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
17802850.1fe8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
17812850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17822850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
17832850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
17842850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'dciman32.dll'.
17852850.1fe8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\ddraw.dll)
17862850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ddraw.dll
17872850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
17882850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
17892850.1fe8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
17902850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17912850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
17922850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17932850.1fe8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
17942850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
17952850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17962850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17972850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
17982850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17992850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18002850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
18012850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18022850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18032850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18042850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18052850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
18062850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
18072850.1fe8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
18082850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18092850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18102850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
18112850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
18122850.1fe8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
18132850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18142850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
18152850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
18162850.1fe8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dciman32.dll)
18172850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dciman32.dll
18182850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18192850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18202850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
18212850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18222850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18232850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18242850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18252850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18262850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18272850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18282850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18292850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18302850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18312850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
18322850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
18332850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
18342850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
18352850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
18362850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
18372850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
18382850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
18392850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
18402850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
18412850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
18422850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
18432850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
18442850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
18452850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18462850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18472850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
18482850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
18492850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
18502850.1fe8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
18512850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18522850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'user32.dll'.
18532850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'shlwapi.dll'.
18542850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'gdi32.dll'.
18552850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'comctl32.dll'.
18562850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'shell32.dll'.
18572850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'firewallapi.dll'.
18582850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'netapi32.dll'.
18592850.1fe8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\comdlg32.dll)
18602850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
18612850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
18622850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
18632850.1fe8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
18642850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18652850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
18662850.1fe8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\winspool.drv)
18672850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv
18682850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
18692850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
18702850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
18712850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
18722850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
18732850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
18742850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
18752850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
18762850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
18772850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18782850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18792850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18802850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18812850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
18822850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
18832850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
18842850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18852850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18862850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'...
18872850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008]
18882850.1fe8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\netapi32.dll'.
18892850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18902850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\netapi32.dll)
18912850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\netapi32.dll
18922850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'firewallapi.dll'...
18932850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'firewallapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\firewallapi.dll' [rcNtRedir=0xc0150008]
18942850.1fe8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\FirewallAPI.dll'.
18952850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18962850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
18972850.1fe8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\FirewallAPI.dll)
18982850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\FirewallAPI.dll
18992850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19002850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19012850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
19022850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
19032850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
19042850.1fe8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
19052850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
19062850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
19072850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
19082850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll)
19092850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll
19102850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19112850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19122850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
19132850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
19142850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
19152850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19162850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19172850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
19182850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19192850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19202850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19212850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19222850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19232850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19242850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19252850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19262850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
19272850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19282850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19292850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19302850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19312850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19322850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19332850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
19342850.1fe8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
19352850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
19362850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
19372850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
19382850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
19392850.1fe8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
19402850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19412850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19422850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
19432850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
19442850.1fe8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
19452850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19462850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19472850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
19482850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
19492850.1fe8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
19502850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19512850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19522850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
19532850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19542850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19552850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
19562850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
19572850.1fe8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
19582850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004fc pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
19592850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000af8d20
19602850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000af8d20
19612850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A59A12801C3E68C49056D7AF56FE4F31F6CB06E1
19622850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
19632850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
19642850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
19652850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19662850.1fe8: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
19672850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
19682850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
19692850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
19702850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
19712850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
19722850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
19732850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
19742850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
19752850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
19762850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
19772850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
19782850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
19792850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
19802850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
19812850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
19822850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
19832850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll)
19842850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll
19852850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
19862850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
19872850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19882850.1fe8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\davhlpr.dll)
19892850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\davhlpr.dll
19902850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcb42f0000 LB 0x00008000 C:\windows\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
19912850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
19922850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffca6860000 LB 0x000fa000 C:\windows\SYSTEM32\DDRAW.dll [fFlags=0x0]
19932850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
19942850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcae920000 LB 0x0002e000 C:\windows\SYSTEM32\GLU32.dll [fFlags=0x0]
19952850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
19962850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffca45a0000 LB 0x00129000 C:\windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
19972850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
19982850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc37c0000 LB 0x00143000 C:\windows\system32\ole32.dll [fFlags=0x0]
19992850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
20002850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcac3b0000 LB 0x0001b000 C:\windows\SYSTEM32\MPR.dll [fFlags=0x0]
20012850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
20022850.1fe8: supR3HardenedDllNotificationCallback: load 0000000069280000 LB 0x00553000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
20032850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
20042850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffc831d0000 LB 0x005a1000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
20052850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
20062850.1fe8: supR3HardenedDllNotificationCallback: load 00000000697e0000 LB 0x0054f000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
20072850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
20082850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcb0f70000 LB 0x00084000 C:\windows\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
20092850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
20102850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffc968f0000 LB 0x000aa000 C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\COMCTL32.dll [fFlags=0x0]
20112850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll [avoiding WinVerifyTrust]
20122850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc1ff0000 LB 0x00086000 C:\windows\system32\FirewallAPI.dll [fFlags=0x0]
20132850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\FirewallAPI.dll [avoiding WinVerifyTrust]
20142850.1fe8: supR3HardenedDllNotificationCallback: load 00000000025a0000 LB 0x00017000 C:\windows\system32\NETAPI32.dll [fFlags=0x0]
20152850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\netapi32.dll [avoiding WinVerifyTrust]
20162850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffca65d0000 LB 0x0000c000 C:\windows\SYSTEM32\DAVHLPR.DLL [fFlags=0x0]
20172850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\davhlpr.dll [avoiding WinVerifyTrust]
20182850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc53f0000 LB 0x0010b000 C:\windows\system32\COMDLG32.dll [fFlags=0x0]
20192850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
20202850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffc9db00000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
20212850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
20222850.1fe8: supR3HardenedDllNotificationCallback: load 000000006c840000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
20232850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
20242850.1fe8: supR3HardenedDllNotificationCallback: load 00000000037b0000 LB 0x000c1000 C:\windows\system32\OLEAUT32.dll [fFlags=0x0]
20252850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
20262850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc0580000 LB 0x0002c000 C:\windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
20272850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
20282850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc05e0000 LB 0x00023000 C:\windows\SYSTEM32\WINMM.dll [fFlags=0x0]
20292850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
20302850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffc823c0000 LB 0x008e3000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
20312850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
20322850.1fe8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\davhlpr.dll'.
20332850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\davhlpr.dll' [rescheduled]
20342850.1fe8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll'.
20352850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\comctl32.dll' [rescheduled]
20362850.1fe8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
20372850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
20382850.1fe8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\FirewallAPI.dll'.
20392850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\FirewallAPI.dll' [rescheduled]
20402850.1fe8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\netapi32.dll'.
20412850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\netapi32.dll' [rescheduled]
20422850.1fe8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
20432850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
20442850.1fe8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
20452850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
20462850.1fe8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
20472850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rescheduled]
20482850.1fe8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
20492850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
20502850.1fe8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
20512850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rescheduled]
20522850.1fe8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
20532850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
20542850.1fe8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
20552850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
20562850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
20572850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20582850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20592850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20602850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20612850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20622850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20632850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20642850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20652850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
20662850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20672850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc57f0000 'C:\windows\system32\imm32.dll'
20682850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20692850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
20702850.1fe8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\fwbase.dll)
20712850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\fwbase.dll
20722850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc0c10000 LB 0x00032000 C:\windows\SYSTEM32\fwbase.dll [fFlags=0x0]
20732850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\fwbase.dll [avoiding WinVerifyTrust]
20742850.1fe8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\fwbase.dll'.
20752850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\fwbase.dll' [rescheduled]
20762850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
20772850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20782850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20792850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
20802850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20812850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20822850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20832850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc3070000 'C:\windows\system32\ADVAPI32.DLL'
20842850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc823c0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
20852850.1fe8: SUPR3HardenedMain: Calling TrustedMain (00007ffc823c1610)...
20862850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
20872850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20882850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc3e90000 'C:\windows\system32\shell32.dll'
20892850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
20902850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
20912850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'imm32.dll'.
20922850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'winmm.dll'.
20932850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
20942850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
20952850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
20962850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
20972850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
20982850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
20992850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
21002850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
21012850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
21022850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
21032850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21042850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21052850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
21062850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
21072850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
21082850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
21092850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
21102850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
21112850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21122850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21132850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21142850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21152850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21162850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21172850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
21182850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
21192850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
21202850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
21212850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21222850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21232850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
21242850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
21252850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
21262850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
21272850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
21282850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
21292850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
21302850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21312850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21322850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
21332850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21342850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
21352850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffc9c250000 LB 0x00127000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
21362850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
21372850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc9c250000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
21382850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000670 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
21392850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000af8d20
21402850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000af8d20
21412850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4F9BD6CD3F872DBBFCD5F712A95134C3D7F47679
21422850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
21432850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
21442850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
21452850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21462850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21472850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
21482850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
21492850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
21502850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
21512850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21522850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21532850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21542850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21552850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21562850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21572850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21582850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
21592850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc07b0000 LB 0x00096000 C:\windows\system32\uxtheme.dll [fFlags=0x0]
21602850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
21612850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc07b0000 'C:\windows\system32\uxtheme.dll'
21622850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2eb0000 'C:\windows\system32\user32.dll'
21632850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
21642850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21652850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc3e90000 'C:\windows\system32\shell32.dll'
21662850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
21672850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21682850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc22d0000 'C:\windows\system32\SHCore.dll'
21692850.1fe8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\wintab32.dll': 0 (NtPath=\??\C:\windows\system32\wintab32.dll; Input=C:\windows\system32\wintab32.dll; rcNtGetDll=0x0
21702850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21712850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\windows\system32\wintab32.dll'
21722850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21732850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
21742850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'.
21752850.1fe8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)
21762850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
21772850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcbedb0000 LB 0x00022000 C:\windows\system32\dwmapi.dll [fFlags=0x0]
21782850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
21792850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000680 pwszName=\Device\HarddiskVolume4\Windows\System32\dwmapi.dll
21802850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000af8d20
21812850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000af8d20
21822850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A8900DBF59D51D3F67CECDDA4ED1690DFAAE4945
21832850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21842850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21852850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
21862850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21872850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21882850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21892850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21902850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
21912850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
21922850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Composition-Core-windows-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
21932850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21942850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
21952850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
21962850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21972850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc05e0000 'C:\windows\system32\winmm.dll'
21982850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
21992850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22002850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc05e0000 'C:\windows\system32\winmm.dll'
22012850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc3e90000 'C:\windows\system32\shell32.dll'
22022850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
22032850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22042850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc07b0000 'C:\windows\system32\uxtheme.dll'
22052850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc3070000 'C:\windows\system32\advapi32.dll'
22062850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
22072850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
22082850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22092850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
22102850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
22112850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
22122850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
22132850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
22142850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
22152850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
22162850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22172850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22182850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22192850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22202850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22212850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
22222850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc1720000 LB 0x0001f000 C:\windows\system32\userenv.dll [fFlags=0x0]
22232850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
22242850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc1720000 'C:\windows\system32\userenv.dll'
22252850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
22262850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22272850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc5830000 'C:\windows\system32\kernel32.dll'
22282850.1fe8: supR3HardenedDllNotificationCallback: load 0000000003a40000 LB 0x000a7000 C:\windows\system32\clbcatq.dll [fFlags=0x0]
22292850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22302850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
22312850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
22322850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
22332850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22342850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22352850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22362850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22372850.1578: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
22382850.1578: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
22392850.1578: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
22402850.1578: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
22412850.1578: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22422850.1578: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22432850.1578: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22442850.1578: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
22452850.1578: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
22462850.1578: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
22472850.1578: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
22482850.1578: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
22492850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22502850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22512850.1578: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
22522850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22532850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22542850.1578: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
22552850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22562850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22572850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22582850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22592850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22602850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22612850.1578: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
22622850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22632850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22642850.1578: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22652850.1578: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
22662850.1578: supR3HardenedDllNotificationCallback: load 00007ffc81ec0000 LB 0x004f5000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
22672850.1578: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
22682850.1578: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc81ec0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
22692850.1578: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
22702850.1578: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22712850.1578: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
22722850.1578: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
22732850.1578: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
22742850.1578: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
22752850.1578: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
22762850.1578: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
22772850.1578: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
22782850.1578: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
22792850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22802850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22812850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22822850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22832850.1578: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
22842850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22852850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22862850.1578: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
22872850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
22882850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
22892850.1578: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
22902850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22912850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22922850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22932850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22942850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22952850.1578: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22962850.1578: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22972850.1578: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
22982850.1578: supR3HardenedDllNotificationCallback: load 00007ffc9da40000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
22992850.1578: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
23002850.1578: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc9da40000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
23012850.1578: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
23022850.1578: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
23032850.1578: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000037b0000 'C:\Windows\System32\oleaut32.dll'
23042850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc31f0000 'C:\windows\system32\gdi32.dll'
23052850.1a50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
23062850.1a50: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23072850.1a50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
23082850.1a50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
23092850.1a50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
23102850.1a50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23112850.1a50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23122850.1a50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
23132850.1a50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
23142850.1a50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23152850.1a50: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23162850.1a50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23172850.1a50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23182850.1a50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23192850.1a50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
23202850.1a50: supR3HardenedDllNotificationCallback: load 00007ffcb7300000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
23212850.1a50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
23222850.1a50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7300000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL'
23232850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc3e90000 'C:\windows\system32\shell32.dll'
23242850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc3910000 LB 0x0015a000 C:\windows\system32\MSCTF.dll [fFlags=0x0]
23252850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23262850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
23272850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
23282850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'imm32.dll'.
23292850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
23302850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
23312850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
23322850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
23332850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
23342850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23352850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23362850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23372850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23382850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23392850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23402850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
23412850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
23422850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
23432850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
23442850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009e0 pwszName=\Device\HarddiskVolume4\Windows\System32\DataExchange.dll
23452850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000af8d20
23462850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000af8d20
23472850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=75640CA57CB5630DA16BB2F35FAEDB2EAB5C3525
23482850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
23492850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
23502850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\DataExchange.dll'
23512850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23522850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23532850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
23542850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
23552850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
23562850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
23572850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) WinVerifyTrust
23582850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
23592850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
23602850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
23612850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
23622850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
23632850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23642850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) WinVerifyTrust
23652850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll
23662850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
23672850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
23682850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23692850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23702850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
23712850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
23722850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23732850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'dxgi.dll'.
23742850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll) WinVerifyTrust
23752850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll
23762850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
23772850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
23782850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
23792850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
23802850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
23812850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
23822850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23832850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23842850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
23852850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
23862850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
23872850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
23882850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23892850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
23902850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll) WinVerifyTrust
23912850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll
23922850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23932850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23942850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23952850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23962850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23972850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23982850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
23992850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
24002850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
24012850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
24022850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll
24032850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcbea50000 LB 0x000a2000 C:\windows\system32\dxgi.dll [fFlags=0x0]
24042850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll
24052850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcbeb00000 LB 0x002a8000 C:\windows\system32\d3d11.dll [fFlags=0x0]
24062850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
24072850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcbf820000 LB 0x000e3000 C:\windows\system32\dcomp.dll [fFlags=0x0]
24082850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
24092850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcaf4c0000 LB 0x0004a000 C:\windows\system32\dataexchange.dll [fFlags=0x0]
24102850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
24112850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcaf4c0000 'C:\windows\system32\dataexchange.dll'
24122850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24132850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcrypt.dll'.
24142850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
24152850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
24162850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll)
24172850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll
24182850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcc0950000 LB 0x00100000 C:\windows\system32\twinapi.appcore.dll [fFlags=0x0]
24192850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
24202850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
24212850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
24222850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
24232850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24242850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24252850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
24262850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
24272850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
24282850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24292850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24302850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
24312850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
24322850.1fe8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll'
24332850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
24342850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24352850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc37c0000 'C:\windows\system32\ole32.dll'
24362850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
24372850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24382850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000037b0000 'C:\windows\system32\OLEAUT32.dll'
24392850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a9c pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
24402850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000af8d20
24412850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000af8d20
24422850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3488B506C76AED41BC3048EF4C38C6A11D8B3CC4
24432850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
24442850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
24452850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
24462850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24472850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24482850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
24492850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
24502850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
24512850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
24522850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
24532850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
24542850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a00 pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
24552850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000af8d20
24562850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000af8d20
24572850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D0F5B8FB82A59EE0D6149941C8198202D2D48FDA
24582850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
24592850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
24602850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
24612850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24622850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24632850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
24642850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
24652850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
24662850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
24672850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24682850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24692850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
24702850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24712850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24722850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24732850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24742850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
24752850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
24762850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
24772850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
24782850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24792850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24802850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
24812850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
24822850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
24832850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcbcb10000 LB 0x0007f000 C:\windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
24842850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
24852850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcbcf10000 LB 0x00011000 C:\windows\system32\wbem\wbemprox.dll [fFlags=0x0]
24862850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
24872850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24882850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc20e0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
24892850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcbcf10000 'C:\windows\system32\wbem\wbemprox.dll'
24902850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000abc pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
24912850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000af8d20
24922850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000af8d20
24932850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9CE21DDF09B1BCCF1977CBD665E28F9BA3B97D79
24942850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
24952850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
24962850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
24972850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24982850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24992850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
25002850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
25012850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
25022850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25032850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25042850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25052850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25062850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25072850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
25082850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcbcc10000 LB 0x00014000 C:\windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
25092850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
25102850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcbcc10000 'C:\windows\system32\wbem\wbemsvc.dll'
25112850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
25122850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc20e0000 'api-ms-win-core-localization-l1-2-0.dll'
25132850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
25142850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc20e0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
25152850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b00 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
25162850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000af8d20
25172850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000af8d20
25182850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AFD9E9630890EA6E6C472D5579966609C56F9EFD
25192850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
25202850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
25212850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
25222850.1fe8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25232850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25242850.1fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
25252850.1fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
25262850.1fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
25272850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
25282850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
25292850.1fe8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
25302850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25312850.1fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25322850.1fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25332850.1fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
25342850.1fe8: supR3HardenedDllNotificationCallback: load 00007ffcba030000 LB 0x000f6000 C:\windows\system32\wbem\fastprox.dll [fFlags=0x0]
25352850.1fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
25362850.1fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcba030000 'C:\windows\system32\wbem\fastprox.dll'
25372850.2884: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
25382850.2884: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25392850.2884: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
25402850.2884: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25412850.2884: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
25422850.2884: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25432850.2884: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25442850.2884: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25452850.2884: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
25462850.2884: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
25472850.2884: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
25482850.2884: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
25492850.2884: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
25502850.2884: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
25512850.2884: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
25522850.2884: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
25532850.2884: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25542850.2884: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25552850.2884: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25562850.2884: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25572850.2884: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
25582850.2884: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
25592850.2884: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25602850.2884: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25612850.2884: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25622850.2884: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25632850.2884: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25642850.2884: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
25652850.2884: supR3HardenedDllNotificationCallback: load 0000000069170000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
25662850.2884: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
25672850.2884: supR3HardenedDllNotificationCallback: load 00007ffc84e10000 LB 0x0029a000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
25682850.2884: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25692850.2884: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84e10000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
25702850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
25712850.2f68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
25722850.2f68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25732850.2f68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
25742850.2f68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25752850.2f68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
25762850.2f68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
25772850.2f68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
25782850.2f68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25792850.2f68: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25802850.2f68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25812850.2f68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25822850.2f68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
25832850.2f68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
25842850.2f68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25852850.2f68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25862850.2f68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25872850.2f68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25882850.2f68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
25892850.2f68: supR3HardenedDllNotificationCallback: load 00007ffcc0690000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
25902850.2f68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
25912850.2f68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc0690000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
25922850.2f68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2eb0000 'C:\windows\system32\User32.dll'
25932850.700: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
25942850.700: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25952850.700: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
25962850.700: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25972850.700: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
25982850.700: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
25992850.700: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26002850.700: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26012850.700: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
26022850.700: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
26032850.700: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
26042850.700: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26052850.700: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26062850.700: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26072850.700: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
26082850.700: supR3HardenedDllNotificationCallback: load 00007ffcbf5c0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
26092850.700: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
26102850.700: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcbf5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
26112850.2dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
26122850.2dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26132850.2dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
26142850.2dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26152850.2dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
26162850.2dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
26172850.2dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26182850.2dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26192850.2dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
26202850.2dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
26212850.2dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
26222850.2dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26232850.2dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26242850.2dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
26252850.2dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26262850.2dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
26272850.2dfc: supR3HardenedDllNotificationCallback: load 00007ffcbf5b0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
26282850.2dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
26292850.2dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcbf5b0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
26302850.1c74: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
26312850.1c74: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26322850.1c74: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
26332850.1c74: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26342850.1c74: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
26352850.1c74: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
26362850.1c74: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26372850.1c74: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26382850.1c74: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
26392850.1c74: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
26402850.1c74: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26412850.1c74: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26422850.1c74: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26432850.1c74: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
26442850.1c74: supR3HardenedDllNotificationCallback: load 00007ffcb7280000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
26452850.1c74: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
26462850.1c74: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb7280000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
26472850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc3e90000 'C:\windows\system32\Shell32.dll'
26482850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26492850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26502850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84e10000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
26512850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
26522850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26532850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
26542850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
26552850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
26562850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
26572850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
26582850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
26592850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26602850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26612850.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
26622850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26632850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26642850.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
26652850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26662850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26672850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26682850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26692850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26702850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26712850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26722850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
26732850.31fc: supR3HardenedDllNotificationCallback: load 00007ffca8fb0000 LB 0x0002d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
26742850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
26752850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffca8fb0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
26762850.31fc: supR3HardenedDllNotificationCallback: Unload 00007ffca8fb0000 LB 0x0002d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
26772850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
26782850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
26792850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
26802850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26812850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
26822850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26832850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
26842850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
26852850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
26862850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
26872850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
26882850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
26892850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
26902850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
26912850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
26922850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
26932850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
26942850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
26952850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
26962850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
26972850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
26982850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26992850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27002850.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
27012850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
27022850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
27032850.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
27042850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
27052850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
27062850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
27072850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
27082850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
27092850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
27102850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
27112850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
27122850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
27132850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27142850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27152850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
27162850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
27172850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27182850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27192850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27202850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27212850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
27222850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
27232850.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
27242850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
27252850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27262850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27272850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
27282850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
27292850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
27302850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
27312850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27322850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27332850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27342850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27352850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
27362850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27372850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27382850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
27392850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
27402850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
27412850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
27422850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
27432850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27442850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27452850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
27462850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
27472850.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27482850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27492850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27502850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27512850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27522850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
27532850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
27542850.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
27552850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27562850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27572850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27582850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27592850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27602850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27612850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27622850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
27632850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
27642850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
27652850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
27662850.31fc: supR3HardenedDllNotificationCallback: load 000000000a580000 LB 0x00429000 C:\windows\system32\SETUPAPI.dll [fFlags=0x0]
27672850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
27682850.31fc: supR3HardenedDllNotificationCallback: load 00007ffc9d760000 LB 0x00057000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
27692850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
27702850.31fc: supR3HardenedDllNotificationCallback: load 00007ffca8f80000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
27712850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
27722850.31fc: supR3HardenedDllNotificationCallback: load 00007ffcbe800000 LB 0x00038000 C:\windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
27732850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
27742850.31fc: supR3HardenedDllNotificationCallback: load 00007ffc815f0000 LB 0x008c7000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
27752850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
27762850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc815f0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
27772850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
27782850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
27792850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27802850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
27812850.31fc: supR3HardenedDllNotificationCallback: load 00007ffca1b90000 LB 0x0002d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
27822850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
27832850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffca1b90000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
27842850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
27852850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
27862850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27872850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc81ec0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
27882850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
27892850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
27902850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27912850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffca8f80000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
27922850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
27932850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
27942850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27952850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27962850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
27972850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
27982850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27992850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28002850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28012850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28022850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28032850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
28042850.31fc: supR3HardenedDllNotificationCallback: load 00007ffcb4570000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
28052850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
28062850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb4570000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
28072850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
28082850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
28092850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28102850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28112850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
28122850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
28132850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28142850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28152850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28162850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28172850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28182850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
28192850.31fc: supR3HardenedDllNotificationCallback: load 00007ffcb44c0000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
28202850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
28212850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb44c0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
28222850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
28232850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
28242850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28252850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28262850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
28272850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
28282850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28292850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28302850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28312850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28322850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28332850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
28342850.31fc: supR3HardenedDllNotificationCallback: load 00007ffca7790000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
28352850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
28362850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffca7790000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
28372850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
28382850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
28392850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28402850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28412850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
28422850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
28432850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28442850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28452850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28462850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28472850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28482850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
28492850.31fc: supR3HardenedDllNotificationCallback: load 00007ffca6b20000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
28502850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
28512850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffca6b20000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
28522850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
28532850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
28542850.918: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
28552850.918: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28562850.918: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
28572850.918: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28582850.918: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
28592850.918: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
28602850.918: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28612850.918: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28622850.918: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
28632850.918: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
28642850.918: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28652850.918: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28662850.918: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28672850.918: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28682850.918: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
28692850.918: supR3HardenedDllNotificationCallback: load 00007ffcb6310000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
28702850.918: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
28712850.918: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb6310000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
28722850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
28732850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
28742850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28752850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28762850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
28772850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
28782850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
28792850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
28802850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28812850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28822850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28832850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28842850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28852850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28862850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28872850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28882850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28892850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
28902850.31fc: supR3HardenedDllNotificationCallback: load 00007ffc9c110000 LB 0x0008a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
28912850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
28922850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc9c110000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
28932850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
28942850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28952850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcbe800000 'C:\windows\system32\Iphlpapi.dll'
28962850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
28972850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
28982850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll)
28992850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
29002850.31fc: supR3HardenedDllNotificationCallback: load 00007ffcbe940000 LB 0x0000b000 C:\windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
29012850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
29022850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
29032850.31fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll)
29042850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
29052850.31fc: supR3HardenedDllNotificationCallback: load 00007ffcbe4a0000 LB 0x00016000 C:\windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
29062850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
29072850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
29082850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
29092850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
29102850.31fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll)
29112850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
29122850.31fc: supR3HardenedDllNotificationCallback: load 00007ffcbe480000 LB 0x0001a000 C:\windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
29132850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
29142850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e08 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
29152850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000af8d20
29162850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000af8d20
29172850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1B252225ADEF97FEC2943324DF61B5FDC9AB3A05
29182850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
29192850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
29202850.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll
29212850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29222850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29232850.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
29242850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29252850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29262850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29272850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29282850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
29292850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
29302850.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll
29312850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29322850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29332850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
29342850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
29352850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
29362850.31fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29372850.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
29382850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dfc pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
29392850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000af8d20
29402850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000af8d20
29412850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C2FEBD2E98F4EB4C528973059B9FC09175BAA914
29422850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
29432850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
29442850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29452850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
29462850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
29472850.31fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29482850.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
29492850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
29502850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
29512850.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'
29522850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cfc pwszName=\Device\HarddiskVolume4\Windows\System32\dsound.dll
29532850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000af8d20
29542850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000af8d20
29552850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C46CF6D8C425A34B7EDE4E8FD0F2E4A8182CBB1
29562850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
29572850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
29582850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\dsound.dll'
29592850.31fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29602850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29612850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'advapi32.dll'.
29622850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
29632850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winmm.dll'.
29642850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dsound.dll) WinVerifyTrust
29652850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dsound.dll
29662850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
29672850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
29682850.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
29692850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29702850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29712850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29722850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29732850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29742850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29752850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
29762850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
29772850.31fc: supR3HardenedDllNotificationCallback: load 00007ffc9db60000 LB 0x0009c000 C:\windows\System32\dsound.dll [fFlags=0x0]
29782850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
29792850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
29802850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
29812850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc9db60000 'C:\windows\System32\dsound.dll'
29822850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc9db60000 'C:\windows\System32\dsound.dll'
29832850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
29842850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29852850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc9db60000 'C:\windows\system32\dsound.dll'
29862850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
29872850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
29882850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29892850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
29902850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'.
29912850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
29922850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll) WinVerifyTrust
29932850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
29942850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
29952850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
29962850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
29972850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
29982850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29992850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
30002850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
30012850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\propsys.dll) WinVerifyTrust
30022850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\propsys.dll
30032850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
30042850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
30052850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30062850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30072850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
30082850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
30092850.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
30102850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30112850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30122850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
30132850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
30142850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30152850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
30162850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll) WinVerifyTrust
30172850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
30182850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30192850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30202850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30212850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30222850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
30232850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
30242850.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
30252850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30262850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30272850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
30282850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
30292850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
30302850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
30312850.31fc: supR3HardenedDllNotificationCallback: load 00007ffcc0850000 LB 0x00027000 C:\windows\System32\DEVOBJ.dll [fFlags=0x0]
30322850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
30332850.31fc: supR3HardenedDllNotificationCallback: load 00007ffcbcd80000 LB 0x00186000 C:\windows\System32\PROPSYS.dll [fFlags=0x0]
30342850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
30352850.31fc: supR3HardenedDllNotificationCallback: load 00007ffcbcf30000 LB 0x00070000 C:\windows\System32\MMDevApi.dll [fFlags=0x0]
30362850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
30372850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcbcf30000 'C:\windows\System32\MMDevApi.dll'
30382850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
30392850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30402850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcbcf30000 'C:\windows\system32\MMDEVAPI.DLL'
30412850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
30422850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30432850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc05e0000 'C:\windows\system32\winmm.dll'
30442850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f60 pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv
30452850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000af8d20
30462850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000af8d20
30472850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0E241BE9D4F52A26C9ED7BD86312051FE44DA417
30482850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
30492850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
30502850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-MMECoreWdmAudio-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv'
30512850.31fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30522850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30532850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'.
30542850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
30552850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'winmm.dll'.
30562850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'avrt.dll'.
30572850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'mmdevapi.dll'.
30582850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv) WinVerifyTrust
30592850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
30602850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
30612850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
30622850.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
30632850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
30642850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
30652850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
30662850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
30672850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll) WinVerifyTrust
30682850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll
30692850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
30702850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
30712850.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
30722850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30732850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30742850.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
30752850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
30762850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
30772850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
30782850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
30792850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30802850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll) WinVerifyTrust
30812850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll
30822850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30832850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30842850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30852850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30862850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
30872850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
30882850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
30892850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
30902850.31fc: supR3HardenedDllNotificationCallback: load 00007ffcc0640000 LB 0x00008000 C:\windows\SYSTEM32\ksuser.dll [fFlags=0x0]
30912850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
30922850.31fc: supR3HardenedDllNotificationCallback: load 00007ffcbdff0000 LB 0x0000b000 C:\windows\SYSTEM32\AVRT.dll [fFlags=0x0]
30932850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
30942850.31fc: supR3HardenedDllNotificationCallback: load 00007ffc93120000 LB 0x00042000 C:\windows\system32\wdmaud.drv [fFlags=0x0]
30952850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
30962850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc93120000 'C:\windows\system32\wdmaud.drv'
30972850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
30982850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
30992850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc93120000 'C:\windows\system32\wdmaud.drv'
31002850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
31012850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31022850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc93120000 'C:\windows\system32\wdmaud.drv'
31032850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
31042850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31052850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc93120000 'C:\windows\system32\wdmaud.drv'
31062850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
31072850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31082850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc93120000 'C:\windows\system32\wdmaud.drv'
31092850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
31102850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
31112850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31122850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
31132850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
31142850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'mmdevapi.dll'.
31152850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll) WinVerifyTrust
31162850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
31172850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
31182850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
31192850.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
31202850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
31212850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
31222850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31232850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31242850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31252850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31262850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31272850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
31282850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31292850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'combase.dll'.
31302850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
31312850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll)
31322850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll
31332850.31fc: supR3HardenedDllNotificationCallback: load 00007ffcbe200000 LB 0x00136000 C:\windows\SYSTEM32\wintypes.dll [fFlags=0x0]
31342850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
31352850.31fc: supR3HardenedDllNotificationCallback: load 00007ffcaf510000 LB 0x00088000 C:\windows\system32\AUDIOSES.DLL [fFlags=0x0]
31362850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
31372850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcaf510000 'C:\windows\system32\AUDIOSES.DLL'
31382850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31392850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31402850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
31412850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
31422850.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
31432850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31442850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31452850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
31462850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
31472850.31fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WinTypes.dll'
31482850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
31492850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31502850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc93120000 'C:\windows\system32\wdmaud.drv'
31512850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
31522850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31532850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc93120000 'C:\windows\system32\wdmaud.drv'
31542850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc93120000 'C:\windows\system32\wdmaud.drv'
31552850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc93120000 'C:\windows\system32\wdmaud.drv'
31562850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc93120000 'C:\windows\system32\wdmaud.drv'
31572850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc93120000 'C:\windows\system32\wdmaud.drv'
31582850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc93120000 'C:\windows\system32\wdmaud.drv'
31592850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc93120000 'C:\windows\system32\wdmaud.drv'
31602850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc93120000 'C:\windows\system32\wdmaud.drv'
31612850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e0c pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv
31622850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000af8d20
31632850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000af8d20
31642850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7E2C15A147F336A77E08F63DA2B7DC249BAC5291
31652850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
31662850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
31672850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv'
31682850.31fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31692850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31702850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
31712850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
31722850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
31732850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmm.dll'.
31742850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv) WinVerifyTrust
31752850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv
31762850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
31772850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
31782850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31792850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31802850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
31812850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
31822850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
31832850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
31842850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31852850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll) WinVerifyTrust
31862850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll
31872850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
31882850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
31892850.31fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
31902850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31912850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31922850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31932850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31942850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
31952850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
31962850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
31972850.31fc: supR3HardenedDllNotificationCallback: load 00007ffcb4730000 LB 0x0001c000 C:\windows\SYSTEM32\MSACM32.dll [fFlags=0x0]
31982850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
31992850.31fc: supR3HardenedDllNotificationCallback: load 00007ffcb9260000 LB 0x0000c000 C:\windows\system32\msacm32.drv [fFlags=0x0]
32002850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
32012850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb9260000 'C:\windows\system32\msacm32.drv'
32022850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
32032850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32042850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb9260000 'C:\windows\system32\msacm32.drv'
32052850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
32062850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32072850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb9260000 'C:\windows\system32\msacm32.drv'
32082850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
32092850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32102850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb9260000 'C:\windows\system32\msacm32.drv'
32112850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
32122850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32132850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb9260000 'C:\windows\system32\msacm32.drv'
32142850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
32152850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32162850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb9260000 'C:\windows\system32\msacm32.drv'
32172850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
32182850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32192850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb9260000 'C:\windows\system32\msacm32.drv'
32202850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb9260000 'C:\windows\system32\msacm32.drv'
32212850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb9260000 'C:\windows\system32\msacm32.drv'
32222850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb9260000 'C:\windows\system32\msacm32.drv'
32232850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ff8 pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll
32242850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000af8d20
32252850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000af8d20
32262850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=92C5FAE1499C6920F25025123B65102443C15281
32272850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
32282850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2ac0000 'C:\windows\system32\crypt32.dll'
32292850.31fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll'
32302850.31fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32312850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32322850.31fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
32332850.31fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll) WinVerifyTrust
32342850.31fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll
32352850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
32362850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
32372850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32382850.31fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32392850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32402850.31fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
32412850.31fc: supR3HardenedDllNotificationCallback: load 00007ffcb86d0000 LB 0x0000a000 C:\windows\system32\midimap.dll [fFlags=0x0]
32422850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
32432850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb86d0000 'C:\windows\system32\midimap.dll'
32442850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
32452850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32462850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb86d0000 'C:\windows\system32\midimap.dll'
32472850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
32482850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32492850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb86d0000 'C:\windows\system32\midimap.dll'
32502850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
32512850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
32522850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcb86d0000 'C:\windows\system32\midimap.dll'
32532850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc05e0000 'C:\windows\system32\winmm.dll'
32542850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc05e0000 'C:\windows\system32\winmm.dll'
32552850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc05e0000 'C:\windows\system32\winmm.dll'
32562850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc05e0000 'C:\windows\system32\winmm.dll'
32572850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc05e0000 'C:\windows\system32\winmm.dll'
32582850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
32592850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32602850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc05e0000 'C:\windows\system32\winmm.dll'
32612850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc05e0000 'C:\windows\system32\winmm.dll'
32622850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc05e0000 'C:\windows\system32\winmm.dll'
32632850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc05e0000 'C:\windows\system32\winmm.dll'
32642850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc05e0000 'C:\windows\system32\winmm.dll'
32652850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc05e0000 'C:\windows\system32\winmm.dll'
32662850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
32672850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32682850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc9db60000 'C:\windows\system32\dsound.dll'
32692850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc05e0000 'C:\windows\system32\winmm.dll'
32702850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc05e0000 'C:\windows\system32\winmm.dll'
32712850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc05e0000 'C:\windows\system32\winmm.dll'
32722850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
32732850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32742850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc9db60000 'C:\windows\system32\dsound.dll'
32752850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc05e0000 'C:\windows\system32\winmm.dll'
32762850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32772850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32782850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc84e10000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
32792850.31fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
32802850.31fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32812850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc5830000 'C:\windows\system32\kernel32.dll'
32822850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
32832850.31fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc15d0000 'C:\windows\system32\rsaenh.dll'
32842850.13e8: '\Device\HarddiskVolume4\Windows\System32\tzres.dll' has no imports
32852850.13e8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\tzres.dll)
32862850.13e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\tzres.dll
32872850.13e8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
32882850.918: supR3HardenedDllNotificationCallback: Unload 00007ffcb6310000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
32892850.1c74: supR3HardenedDllNotificationCallback: Unload 00007ffcb7280000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
32902850.2dfc: supR3HardenedDllNotificationCallback: Unload 00007ffcbf5b0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
32912850.700: supR3HardenedDllNotificationCallback: Unload 00007ffcbf5c0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
32922850.2f68: supR3HardenedDllNotificationCallback: Unload 00007ffcc0690000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
32932850.31fc: supR3HardenedDllNotificationCallback: Unload 00007ffca6b20000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
32942850.31fc: supR3HardenedDllNotificationCallback: Unload 00007ffca7790000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
32952850.31fc: supR3HardenedDllNotificationCallback: Unload 00007ffcb44c0000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
32962850.31fc: supR3HardenedDllNotificationCallback: Unload 00007ffcb4570000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
32972850.31fc: supR3HardenedDllNotificationCallback: Unload 00007ffca1b90000 LB 0x0002d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
32982850.31fc: supR3HardenedDllNotificationCallback: Unload 00007ffc815f0000 LB 0x008c7000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
32992850.31fc: supR3HardenedDllNotificationCallback: Unload 00007ffc9d760000 LB 0x00057000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
33002850.31fc: supR3HardenedDllNotificationCallback: Unload 00007ffca8f80000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
33012850.31fc: supR3HardenedDllNotificationCallback: Unload 000000000a580000 LB 0x00429000 C:\windows\system32\SETUPAPI.dll [flags=0x0]
33022850.1fe8: supR3HardenedDllNotificationCallback: Unload 00007ffcb7300000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [flags=0x0]
33032850.1fe8: supR3HardenedDllNotificationCallback: Unload 00007ffcbcc10000 LB 0x00014000 C:\windows\system32\wbem\wbemsvc.dll [flags=0x0]
33042850.1fe8: supR3HardenedDllNotificationCallback: Unload 00007ffcaf4c0000 LB 0x0004a000 C:\windows\system32\dataexchange.dll [flags=0x0]
33052850.1fe8: supR3HardenedDllNotificationCallback: Unload 00007ffcbeb00000 LB 0x002a8000 C:\windows\system32\d3d11.dll [flags=0x0]
33062850.1fe8: supR3HardenedDllNotificationCallback: Unload 00007ffcbea50000 LB 0x000a2000 C:\windows\system32\dxgi.dll [flags=0x0]
33072850.1fe8: supR3HardenedDllNotificationCallback: Unload 00007ffcbf820000 LB 0x000e3000 C:\windows\system32\dcomp.dll [flags=0x0]
33082850.1fe8: supR3HardenedDllNotificationCallback: Unload 00007ffcc0950000 LB 0x00100000 C:\windows\system32\twinapi.appcore.dll [flags=0x0]
33092850.1fe8: supR3HardenedDllNotificationCallback: Unload 00007ffcbcf10000 LB 0x00011000 C:\windows\system32\wbem\wbemprox.dll [flags=0x0]
33102850.1fe8: supR3HardenedDllNotificationCallback: Unload 00007ffc9da40000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
33112850.1fe8: supR3HardenedDllNotificationCallback: Unload 00007ffcba030000 LB 0x000f6000 C:\windows\system32\wbem\fastprox.dll [flags=0x0]
33122850.1fe8: supR3HardenedDllNotificationCallback: Unload 00007ffcbcb10000 LB 0x0007f000 C:\windows\SYSTEM32\wbemcomn.dll [flags=0x0]
33132850.1fe8: supR3HardenedDllNotificationCallback: Unload 00007ffc81ec0000 LB 0x004f5000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
33142850.1fe8: Terminating the normal way: rcExit=0
3315a7c.3594: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 85934 ms, the end);
331637a0.3750: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 87741 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy