VirtualBox

Ticket #16066: VBoxHardening.log

File VBoxHardening.log, 282.3 KB (added by Paul B., 8 years ago)

Second log file

Line 
156c.2aa4: Log file opened: 5.1.6r110634 g_hStartupLog=000000000000005c g_uNtVerCombined=0xa0383900
256c.2aa4: \SystemRoot\System32\ntdll.dll:
356c.2aa4: CreationTime: 2016-09-30T11:54:52.421666900Z
456c.2aa4: LastWriteTime: 2016-09-15T17:27:59.034377000Z
556c.2aa4: ChangeTime: 2016-10-12T06:48:16.807244600Z
656c.2aa4: FileAttributes: 0x20
756c.2aa4: Size: 0x1cbe88
856c.2aa4: NT Headers: 0xd8
956c.2aa4: Timestamp: 0x57dac931
1056c.2aa4: Machine: 0x8664 - amd64
1156c.2aa4: Timestamp: 0x57dac931
1256c.2aa4: Image Version: 10.0
1356c.2aa4: SizeOfImage: 0x1d1000 (1904640)
1456c.2aa4: Resource Dir: 0x168000 LB 0x67988
1556c.2aa4: ProductName: Microsoft® Windows® Operating System
1656c.2aa4: ProductVersion: 10.0.14393.206
1756c.2aa4: FileVersion: 10.0.14393.206 (rs1_release.160915-0644)
1856c.2aa4: FileDescription: NT Layer DLL
1956c.2aa4: \SystemRoot\System32\kernel32.dll:
2056c.2aa4: CreationTime: 2016-07-16T11:42:16.155721400Z
2156c.2aa4: LastWriteTime: 2016-07-16T11:42:16.155721400Z
2256c.2aa4: ChangeTime: 2016-09-26T17:13:52.706737300Z
2356c.2aa4: FileAttributes: 0x20
2456c.2aa4: Size: 0xaade8
2556c.2aa4: NT Headers: 0xf0
2656c.2aa4: Timestamp: 0x57899a29
2756c.2aa4: Machine: 0x8664 - amd64
2856c.2aa4: Timestamp: 0x57899a29
2956c.2aa4: Image Version: 10.0
3056c.2aa4: SizeOfImage: 0xab000 (700416)
3156c.2aa4: Resource Dir: 0xa9000 LB 0x528
3256c.2aa4: ProductName: Microsoft® Windows® Operating System
3356c.2aa4: ProductVersion: 10.0.14393.0
3456c.2aa4: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
3556c.2aa4: FileDescription: Windows NT BASE API Client DLL
3656c.2aa4: \SystemRoot\System32\KernelBase.dll:
3756c.2aa4: CreationTime: 2016-10-12T06:18:15.348892800Z
3856c.2aa4: LastWriteTime: 2016-10-05T10:31:27.772259900Z
3956c.2aa4: ChangeTime: 2016-10-12T19:05:37.050519400Z
4056c.2aa4: FileAttributes: 0x20
4156c.2aa4: Size: 0x21c580
4256c.2aa4: NT Headers: 0xf8
4356c.2aa4: Timestamp: 0x57f4c4f0
4456c.2aa4: Machine: 0x8664 - amd64
4556c.2aa4: Timestamp: 0x57f4c4f0
4656c.2aa4: Image Version: 10.0
4756c.2aa4: SizeOfImage: 0x21d000 (2215936)
4856c.2aa4: Resource Dir: 0x201000 LB 0x560
4956c.2aa4: ProductName: Microsoft® Windows® Operating System
5056c.2aa4: ProductVersion: 10.0.14393.321
5156c.2aa4: FileVersion: 10.0.14393.321 (rs1_release_inmarket.161004-2338)
5256c.2aa4: FileDescription: Windows NT BASE API Client DLL
5356c.2aa4: \SystemRoot\System32\apisetschema.dll:
5456c.2aa4: CreationTime: 2016-07-16T11:42:21.577586000Z
5556c.2aa4: LastWriteTime: 2016-07-16T11:42:21.577586000Z
5656c.2aa4: ChangeTime: 2016-09-26T17:13:50.737896400Z
5756c.2aa4: FileAttributes: 0x20
5856c.2aa4: Size: 0x18960
5956c.2aa4: NT Headers: 0xc8
6056c.2aa4: Timestamp: 0x57899bd2
6156c.2aa4: Machine: 0x8664 - amd64
6256c.2aa4: Timestamp: 0x57899bd2
6356c.2aa4: Image Version: 10.0
6456c.2aa4: SizeOfImage: 0x19000 (102400)
6556c.2aa4: Resource Dir: 0x18000 LB 0x400
6656c.2aa4: ProductName: Microsoft® Windows® Operating System
6756c.2aa4: ProductVersion: 10.0.14393.0
6856c.2aa4: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
6956c.2aa4: FileDescription: ApiSet Schema DLL
7056c.2aa4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7156c.2aa4: supR3HardenedWinFindAdversaries: 0x100
7256c.2aa4: \SystemRoot\System32\drivers\avgidsdrivera.sys:
7356c.2aa4: CreationTime: 2013-11-24T23:48:36.000000000Z
7456c.2aa4: LastWriteTime: 2013-11-24T23:48:36.000000000Z
7556c.2aa4: ChangeTime: 2016-09-26T07:40:48.176349900Z
7656c.2aa4: FileAttributes: 0x20
7756c.2aa4: Size: 0x3c138
7856c.2aa4: NT Headers: 0xd8
7956c.2aa4: Timestamp: 0x52929a87
8056c.2aa4: Machine: 0x8664 - amd64
8156c.2aa4: Timestamp: 0x52929a87
8256c.2aa4: Image Version: 6.1
8356c.2aa4: SizeOfImage: 0x43000 (274432)
8456c.2aa4: Resource Dir: 0x41000 LB 0x598
8556c.2aa4: ProductName: AVG Internet Security
8656c.2aa4: ProductVersion: 13.0.0.3458
8756c.2aa4: FileVersion: 13.0.0.3458
8856c.2aa4: SpecialBuild: AvgVC10_2013_1124_235635(3458), SVNRev ad13232 (release/SmallUpdate2013-06)
8956c.2aa4: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
9056c.2aa4: FileDescription: IDS Application Activity Monitor Driver.
9156c.2aa4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
9256c.2aa4: Calling main()
9356c.2aa4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
9456c.2aa4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
9556c.2aa4: SUPR3HardenedMain: Respawn #1
9656c.2aa4: System32: \Device\HarddiskVolume2\Windows\System32
9756c.2aa4: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
9856c.2aa4: KnownDllPath: C:\WINDOWS\System32
9956c.2aa4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
10056c.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
10156c.2aa4: supR3HardNtEnableThreadCreation:
10256c.2aa4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd01db8d50 pvNtTerminateThread=00007ffd01de58a0
10356c.2aa4: supR3HardenedWinDoReSpawn(1): New child 1f50.2668 [kernel32].
10456c.2aa4: supR3HardNtChildGatherData: PebBaseAddress=000000000036d000 cbPeb=0x388
10556c.2aa4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd01d40000 uNtDllChildAddr=00007ffd01d40000
10656c.2aa4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd01db8d50
10756c.2aa4: supR3HardenedWinSetupChildInit: Start child.
10856c.2aa4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
10956c.2aa4: supR3HardNtChildPurify: Startup delay kludge #1/0: 521 ms, 62 sleeps
11056c.2aa4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
11156c.2aa4: *0000000000000000-ffffffffffeaffff 0x0001/0x0000 0x0000000
11256c.2aa4: *0000000000150000-000000000012ffff 0x0004/0x0004 0x0020000
11356c.2aa4: *0000000000170000-0000000000159fff 0x0002/0x0002 0x0040000
11456c.2aa4: 0000000000186000-000000000017bfff 0x0001/0x0000 0x0000000
11556c.2aa4: *0000000000190000-000000000018bfff 0x0002/0x0002 0x0040000
11656c.2aa4: 0000000000194000-0000000000187fff 0x0001/0x0000 0x0000000
11756c.2aa4: *00000000001a0000-000000000019dfff 0x0004/0x0004 0x0020000
11856c.2aa4: 00000000001a2000-0000000000143fff 0x0001/0x0000 0x0000000
11956c.2aa4: *0000000000200000-0000000000092fff 0x0000/0x0004 0x0020000
12056c.2aa4: 000000000036d000-0000000000369fff 0x0004/0x0004 0x0020000
12156c.2aa4: 0000000000370000-00000000002dffff 0x0000/0x0004 0x0020000
12256c.2aa4: *0000000000400000-0000000000304fff 0x0000/0x0004 0x0020000
12356c.2aa4: 00000000004fb000-00000000004f7fff 0x0104/0x0004 0x0020000
12456c.2aa4: 00000000004fe000-00000000004fbfff 0x0004/0x0004 0x0020000
12556c.2aa4: 0000000000500000-ffffffff80a1ffff 0x0001/0x0000 0x0000000
12656c.2aa4: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
12756c.2aa4: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
12856c.2aa4: 000000007fff0000-ffff800ad520ffff 0x0001/0x0000 0x0000000
12956c.2aa4: *00007ff62add0000-00007ff62adacfff 0x0002/0x0002 0x0040000
13056c.2aa4: 00007ff62adf3000-00007ff62acb5fff 0x0001/0x0000 0x0000000
13156c.2aa4: *00007ff62af30000-00007ff62af30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
13256c.2aa4: 00007ff62af31000-00007ff62af9ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
13356c.2aa4: 00007ff62afa0000-00007ff62afa0fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
13456c.2aa4: 00007ff62afa1000-00007ff62afe5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
13556c.2aa4: 00007ff62afe6000-00007ff62afe6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
13656c.2aa4: 00007ff62afe7000-00007ff62afe7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
13756c.2aa4: 00007ff62afe8000-00007ff62afecfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
13856c.2aa4: 00007ff62afed000-00007ff62afedfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
13956c.2aa4: 00007ff62afee000-00007ff62afeefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
14056c.2aa4: 00007ff62afef000-00007ff62aff2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
14156c.2aa4: 00007ff62aff3000-00007ff62b03afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
14256c.2aa4: 00007ff62b03b000-00007fef54335fff 0x0001/0x0000 0x0000000
14356c.2aa4: *00007ffd01d40000-00007ffd01d40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
14456c.2aa4: 00007ffd01d41000-00007ffd01e47fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
14556c.2aa4: 00007ffd01e48000-00007ffd01e8bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
14656c.2aa4: 00007ffd01e8c000-00007ffd01e94fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
14756c.2aa4: 00007ffd01e95000-00007ffd01ea2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
14856c.2aa4: 00007ffd01ea3000-00007ffd01ea3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
14956c.2aa4: 00007ffd01ea4000-00007ffd01ea6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
15056c.2aa4: 00007ffd01ea7000-00007ffd01f10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
15156c.2aa4: 00007ffd01f11000-00007ffa03e41fff 0x0001/0x0000 0x0000000
15256c.2aa4: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
15356c.2aa4: VirtualBox.exe: timestamp 0x57d6d53c (rc=VINF_SUCCESS)
15456c.2aa4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
15556c.2aa4: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
15656c.2aa4: supR3HardNtChildPurify: Done after 597 ms and 0 fixes (loop #0).
1571f50.2668: Log file opened: 5.1.6r110634 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0383900
1581f50.2668: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd01d40000 g_uNtVerCombined=0xa0383900
15956c.2aa4: supR3HardNtEnableThreadCreation:
1601f50.2668: ntdll.dll: timestamp 0x57dac931 (rc=VINF_SUCCESS)
1611f50.2668: New simple heap: #1 0000000000600000 LB 0x400000 (for 1904640 allocation)
1621f50.2668: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1631f50.2668: System32: \Device\HarddiskVolume2\Windows\System32
1641f50.2668: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
1651f50.2668: KnownDllPath: C:\WINDOWS\System32
1661f50.2668: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1671f50.2668: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1681f50.2668: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1691f50.2668: Registered Dll notification callback with NTDLL.
1701f50.2668: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1711f50.2668: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1721f50.2668: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
1731f50.2668: supR3HardenedDllNotificationCallback: load 00007ffcfeee0000 LB 0x0021d000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
1741f50.2668: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1751f50.2668: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1761f50.2668: supR3HardenedDllNotificationCallback: load 00007ffcff2f0000 LB 0x000ab000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
1771f50.2668: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1781f50.2668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff2f0000 'C:\WINDOWS\System32\KERNEL32.DLL'
1791f50.2668: supR3HardenedDllNotificationCallback: load 00007ff62af30000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
1801f50.2668: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1811f50.2668: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1821f50.2668: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1831f50.2668: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd01db8d50 pvNtTerminateThread=00007ffd01de58a0
18456c.2aa4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 96 ms.
1851f50.2668: \SystemRoot\System32\ntdll.dll:
1861f50.2668: CreationTime: 2016-09-30T11:54:52.421666900Z
1871f50.2668: LastWriteTime: 2016-09-15T17:27:59.034377000Z
1881f50.2668: ChangeTime: 2016-10-12T06:48:16.807244600Z
1891f50.2668: FileAttributes: 0x20
1901f50.2668: Size: 0x1cbe88
1911f50.2668: NT Headers: 0xd8
1921f50.2668: Timestamp: 0x57dac931
1931f50.2668: Machine: 0x8664 - amd64
1941f50.2668: Timestamp: 0x57dac931
1951f50.2668: Image Version: 10.0
1961f50.2668: SizeOfImage: 0x1d1000 (1904640)
1971f50.2668: Resource Dir: 0x168000 LB 0x67988
1981f50.2668: ProductName: Microsoft® Windows® Operating System
1991f50.2668: ProductVersion: 10.0.14393.206
2001f50.2668: FileVersion: 10.0.14393.206 (rs1_release.160915-0644)
2011f50.2668: FileDescription: NT Layer DLL
2021f50.2668: \SystemRoot\System32\kernel32.dll:
2031f50.2668: CreationTime: 2016-07-16T11:42:16.155721400Z
2041f50.2668: LastWriteTime: 2016-07-16T11:42:16.155721400Z
2051f50.2668: ChangeTime: 2016-09-26T17:13:52.706737300Z
2061f50.2668: FileAttributes: 0x20
2071f50.2668: Size: 0xaade8
2081f50.2668: NT Headers: 0xf0
2091f50.2668: Timestamp: 0x57899a29
2101f50.2668: Machine: 0x8664 - amd64
2111f50.2668: Timestamp: 0x57899a29
2121f50.2668: Image Version: 10.0
2131f50.2668: SizeOfImage: 0xab000 (700416)
2141f50.2668: Resource Dir: 0xa9000 LB 0x528
2151f50.2668: ProductName: Microsoft® Windows® Operating System
2161f50.2668: ProductVersion: 10.0.14393.0
2171f50.2668: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
2181f50.2668: FileDescription: Windows NT BASE API Client DLL
2191f50.2668: \SystemRoot\System32\KernelBase.dll:
2201f50.2668: CreationTime: 2016-10-12T06:18:15.348892800Z
2211f50.2668: LastWriteTime: 2016-10-05T10:31:27.772259900Z
2221f50.2668: ChangeTime: 2016-10-12T19:05:37.050519400Z
2231f50.2668: FileAttributes: 0x20
2241f50.2668: Size: 0x21c580
2251f50.2668: NT Headers: 0xf8
2261f50.2668: Timestamp: 0x57f4c4f0
2271f50.2668: Machine: 0x8664 - amd64
2281f50.2668: Timestamp: 0x57f4c4f0
2291f50.2668: Image Version: 10.0
2301f50.2668: SizeOfImage: 0x21d000 (2215936)
2311f50.2668: Resource Dir: 0x201000 LB 0x560
2321f50.2668: ProductName: Microsoft® Windows® Operating System
2331f50.2668: ProductVersion: 10.0.14393.321
2341f50.2668: FileVersion: 10.0.14393.321 (rs1_release_inmarket.161004-2338)
2351f50.2668: FileDescription: Windows NT BASE API Client DLL
2361f50.2668: \SystemRoot\System32\apisetschema.dll:
2371f50.2668: CreationTime: 2016-07-16T11:42:21.577586000Z
2381f50.2668: LastWriteTime: 2016-07-16T11:42:21.577586000Z
2391f50.2668: ChangeTime: 2016-09-26T17:13:50.737896400Z
2401f50.2668: FileAttributes: 0x20
2411f50.2668: Size: 0x18960
2421f50.2668: NT Headers: 0xc8
2431f50.2668: Timestamp: 0x57899bd2
2441f50.2668: Machine: 0x8664 - amd64
2451f50.2668: Timestamp: 0x57899bd2
2461f50.2668: Image Version: 10.0
2471f50.2668: SizeOfImage: 0x19000 (102400)
2481f50.2668: Resource Dir: 0x18000 LB 0x400
2491f50.2668: ProductName: Microsoft® Windows® Operating System
2501f50.2668: ProductVersion: 10.0.14393.0
2511f50.2668: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
2521f50.2668: FileDescription: ApiSet Schema DLL
2531f50.2668: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2541f50.2668: supR3HardenedWinFindAdversaries: 0x100
2551f50.2668: \SystemRoot\System32\drivers\avgidsdrivera.sys:
2561f50.2668: CreationTime: 2013-11-24T23:48:36.000000000Z
2571f50.2668: LastWriteTime: 2013-11-24T23:48:36.000000000Z
2581f50.2668: ChangeTime: 2016-09-26T07:40:48.176349900Z
2591f50.2668: FileAttributes: 0x20
2601f50.2668: Size: 0x3c138
2611f50.2668: NT Headers: 0xd8
2621f50.2668: Timestamp: 0x52929a87
2631f50.2668: Machine: 0x8664 - amd64
2641f50.2668: Timestamp: 0x52929a87
2651f50.2668: Image Version: 6.1
2661f50.2668: SizeOfImage: 0x43000 (274432)
2671f50.2668: Resource Dir: 0x41000 LB 0x598
2681f50.2668: ProductName: AVG Internet Security
2691f50.2668: ProductVersion: 13.0.0.3458
2701f50.2668: FileVersion: 13.0.0.3458
2711f50.2668: SpecialBuild: AvgVC10_2013_1124_235635(3458), SVNRev ad13232 (release/SmallUpdate2013-06)
2721f50.2668: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
2731f50.2668: FileDescription: IDS Application Activity Monitor Driver.
2741f50.2668: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2751f50.2668: Calling main()
2761f50.2668: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2771f50.2668: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2781f50.2668: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2791f50.2668: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2801f50.2668: SUPR3HardenedMain: Respawn #2
2811f50.2668: supR3HardNtEnableThreadCreation:
2821f50.2668: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd01db8d50 pvNtTerminateThread=00007ffd01de58a0
2831f50.2668: supR3HardenedWinDoReSpawn(2): New child 2438.2974 [kernel32].
2841f50.2668: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
2851f50.2668: supR3HardNtChildGatherData: PebBaseAddress=000000000073a000 cbPeb=0x388
2861f50.2668: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd01d40000 uNtDllChildAddr=00007ffd01d40000
2871f50.2668: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd01db8d50
2881f50.2668: supR3HardenedWinSetupChildInit: Start child.
2891f50.2668: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2901f50.2668: supR3HardNtChildPurify: Startup delay kludge #1/0: 518 ms, 61 sleeps
2911f50.2668: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2921f50.2668: *0000000000000000-ffffffffffa7ffff 0x0001/0x0000 0x0000000
2931f50.2668: *0000000000580000-000000000055ffff 0x0004/0x0004 0x0020000
2941f50.2668: *00000000005a0000-0000000000589fff 0x0002/0x0002 0x0040000
2951f50.2668: 00000000005b6000-00000000005abfff 0x0001/0x0000 0x0000000
2961f50.2668: *00000000005c0000-00000000005bbfff 0x0002/0x0002 0x0040000
2971f50.2668: 00000000005c4000-00000000005b7fff 0x0001/0x0000 0x0000000
2981f50.2668: *00000000005d0000-00000000005cdfff 0x0004/0x0004 0x0020000
2991f50.2668: 00000000005d2000-00000000005a3fff 0x0001/0x0000 0x0000000
3001f50.2668: *0000000000600000-00000000004c5fff 0x0000/0x0004 0x0020000
3011f50.2668: 000000000073a000-0000000000736fff 0x0004/0x0004 0x0020000
3021f50.2668: 000000000073d000-0000000000679fff 0x0000/0x0004 0x0020000
3031f50.2668: *0000000000800000-0000000000704fff 0x0000/0x0004 0x0020000
3041f50.2668: 00000000008fb000-00000000008f7fff 0x0104/0x0004 0x0020000
3051f50.2668: 00000000008fe000-00000000008fbfff 0x0004/0x0004 0x0020000
3061f50.2668: 0000000000900000-ffffffff8121ffff 0x0001/0x0000 0x0000000
3071f50.2668: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
3081f50.2668: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
3091f50.2668: 000000007fff0000-ffff800ad5e8ffff 0x0001/0x0000 0x0000000
3101f50.2668: *00007ff62a150000-00007ff62a12cfff 0x0002/0x0002 0x0040000
3111f50.2668: 00007ff62a173000-00007ff6293b5fff 0x0001/0x0000 0x0000000
3121f50.2668: *00007ff62af30000-00007ff62af30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3131f50.2668: 00007ff62af31000-00007ff62af9ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3141f50.2668: 00007ff62afa0000-00007ff62afa0fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3151f50.2668: 00007ff62afa1000-00007ff62afe5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3161f50.2668: 00007ff62afe6000-00007ff62afe6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3171f50.2668: 00007ff62afe7000-00007ff62afe7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3181f50.2668: 00007ff62afe8000-00007ff62afecfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3191f50.2668: 00007ff62afed000-00007ff62afedfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3201f50.2668: 00007ff62afee000-00007ff62afeefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3211f50.2668: 00007ff62afef000-00007ff62aff2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3221f50.2668: 00007ff62aff3000-00007ff62b03afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3231f50.2668: 00007ff62b03b000-00007fef54335fff 0x0001/0x0000 0x0000000
3241f50.2668: *00007ffd01d40000-00007ffd01d40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3251f50.2668: 00007ffd01d41000-00007ffd01e47fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3261f50.2668: 00007ffd01e48000-00007ffd01e8bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3271f50.2668: 00007ffd01e8c000-00007ffd01e94fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3281f50.2668: 00007ffd01e95000-00007ffd01ea2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3291f50.2668: 00007ffd01ea3000-00007ffd01ea3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3301f50.2668: 00007ffd01ea4000-00007ffd01ea6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3311f50.2668: 00007ffd01ea7000-00007ffd01f10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3321f50.2668: 00007ffd01f11000-00007ffa03e41fff 0x0001/0x0000 0x0000000
3331f50.2668: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
3341f50.2668: VirtualBox.exe: timestamp 0x57d6d53c (rc=VINF_SUCCESS)
3351f50.2668: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3361f50.2668: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
3371f50.2668: supR3HardNtChildPurify: Done after 586 ms and 0 fixes (loop #0).
3382438.2974: Log file opened: 5.1.6r110634 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0383900
3392438.2974: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd01d40000 g_uNtVerCombined=0xa0383900
3402438.2974: ntdll.dll: timestamp 0x57dac931 (rc=VINF_SUCCESS)
3412438.2974: New simple heap: #1 0000000000a00000 LB 0x400000 (for 1904640 allocation)
3421f50.2668: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000600000 LB 0x400000)
3431f50.2668: supR3HardNtEnableThreadCreation:
3442438.2974: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3452438.2974: System32: \Device\HarddiskVolume2\Windows\System32
3462438.2974: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
3472438.2974: KnownDllPath: C:\WINDOWS\System32
3482438.2974: supR3HardenedVmProcessInit: Opening vboxdrv...
3492438.2974: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3502438.2974: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3512438.2974: Registered Dll notification callback with NTDLL.
3522438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
3532438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3542438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3552438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfeee0000 LB 0x0021d000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
3562438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
3572438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3582438.2974: supR3HardenedDllNotificationCallback: load 00007ffcff2f0000 LB 0x000ab000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
3592438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3602438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff2f0000 'C:\WINDOWS\System32\KERNEL32.DLL'
3612438.2974: supR3HardenedDllNotificationCallback: load 00007ff62af30000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
3622438.2974: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3632438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3642438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3652438.2974: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd01db8d50 pvNtTerminateThread=00007ffd01de58a0
3661f50.2668: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 101 ms.
3672438.2974: \SystemRoot\System32\ntdll.dll:
3682438.2974: CreationTime: 2016-09-30T11:54:52.421666900Z
3692438.2974: LastWriteTime: 2016-09-15T17:27:59.034377000Z
3702438.2974: ChangeTime: 2016-10-12T06:48:16.807244600Z
3712438.2974: FileAttributes: 0x20
3722438.2974: Size: 0x1cbe88
3732438.2974: NT Headers: 0xd8
3742438.2974: Timestamp: 0x57dac931
3752438.2974: Machine: 0x8664 - amd64
3762438.2974: Timestamp: 0x57dac931
3772438.2974: Image Version: 10.0
3782438.2974: SizeOfImage: 0x1d1000 (1904640)
3792438.2974: Resource Dir: 0x168000 LB 0x67988
3802438.2974: ProductName: Microsoft® Windows® Operating System
3812438.2974: ProductVersion: 10.0.14393.206
3822438.2974: FileVersion: 10.0.14393.206 (rs1_release.160915-0644)
3832438.2974: FileDescription: NT Layer DLL
3842438.2974: \SystemRoot\System32\kernel32.dll:
3852438.2974: CreationTime: 2016-07-16T11:42:16.155721400Z
3862438.2974: LastWriteTime: 2016-07-16T11:42:16.155721400Z
3872438.2974: ChangeTime: 2016-09-26T17:13:52.706737300Z
3882438.2974: FileAttributes: 0x20
3892438.2974: Size: 0xaade8
3902438.2974: NT Headers: 0xf0
3912438.2974: Timestamp: 0x57899a29
3922438.2974: Machine: 0x8664 - amd64
3932438.2974: Timestamp: 0x57899a29
3942438.2974: Image Version: 10.0
3952438.2974: SizeOfImage: 0xab000 (700416)
3962438.2974: Resource Dir: 0xa9000 LB 0x528
3972438.2974: ProductName: Microsoft® Windows® Operating System
3982438.2974: ProductVersion: 10.0.14393.0
3992438.2974: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
4002438.2974: FileDescription: Windows NT BASE API Client DLL
4012438.2974: \SystemRoot\System32\KernelBase.dll:
4022438.2974: CreationTime: 2016-10-12T06:18:15.348892800Z
4032438.2974: LastWriteTime: 2016-10-05T10:31:27.772259900Z
4042438.2974: ChangeTime: 2016-10-12T19:05:37.050519400Z
4052438.2974: FileAttributes: 0x20
4062438.2974: Size: 0x21c580
4072438.2974: NT Headers: 0xf8
4082438.2974: Timestamp: 0x57f4c4f0
4092438.2974: Machine: 0x8664 - amd64
4102438.2974: Timestamp: 0x57f4c4f0
4112438.2974: Image Version: 10.0
4122438.2974: SizeOfImage: 0x21d000 (2215936)
4132438.2974: Resource Dir: 0x201000 LB 0x560
4142438.2974: ProductName: Microsoft® Windows® Operating System
4152438.2974: ProductVersion: 10.0.14393.321
4162438.2974: FileVersion: 10.0.14393.321 (rs1_release_inmarket.161004-2338)
4172438.2974: FileDescription: Windows NT BASE API Client DLL
4182438.2974: \SystemRoot\System32\apisetschema.dll:
4192438.2974: CreationTime: 2016-07-16T11:42:21.577586000Z
4202438.2974: LastWriteTime: 2016-07-16T11:42:21.577586000Z
4212438.2974: ChangeTime: 2016-09-26T17:13:50.737896400Z
4222438.2974: FileAttributes: 0x20
4232438.2974: Size: 0x18960
4242438.2974: NT Headers: 0xc8
4252438.2974: Timestamp: 0x57899bd2
4262438.2974: Machine: 0x8664 - amd64
4272438.2974: Timestamp: 0x57899bd2
4282438.2974: Image Version: 10.0
4292438.2974: SizeOfImage: 0x19000 (102400)
4302438.2974: Resource Dir: 0x18000 LB 0x400
4312438.2974: ProductName: Microsoft® Windows® Operating System
4322438.2974: ProductVersion: 10.0.14393.0
4332438.2974: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
4342438.2974: FileDescription: ApiSet Schema DLL
4352438.2974: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4362438.2974: supR3HardenedWinFindAdversaries: 0x100
4372438.2974: \SystemRoot\System32\drivers\avgidsdrivera.sys:
4382438.2974: CreationTime: 2013-11-24T23:48:36.000000000Z
4392438.2974: LastWriteTime: 2013-11-24T23:48:36.000000000Z
4402438.2974: ChangeTime: 2016-09-26T07:40:48.176349900Z
4412438.2974: FileAttributes: 0x20
4422438.2974: Size: 0x3c138
4432438.2974: NT Headers: 0xd8
4442438.2974: Timestamp: 0x52929a87
4452438.2974: Machine: 0x8664 - amd64
4462438.2974: Timestamp: 0x52929a87
4472438.2974: Image Version: 6.1
4482438.2974: SizeOfImage: 0x43000 (274432)
4492438.2974: Resource Dir: 0x41000 LB 0x598
4502438.2974: ProductName: AVG Internet Security
4512438.2974: ProductVersion: 13.0.0.3458
4522438.2974: FileVersion: 13.0.0.3458
4532438.2974: SpecialBuild: AvgVC10_2013_1124_235635(3458), SVNRev ad13232 (release/SmallUpdate2013-06)
4542438.2974: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
4552438.2974: FileDescription: IDS Application Activity Monitor Driver.
4562438.2974: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4572438.2974: Calling main()
4582438.2974: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4592438.2974: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4602438.2974: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4612438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4622438.2974: SUPR3HardenedMain: Final process, opening VBoxDrv...
4632438.2974: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000)
4642438.2974: supR3HardNtEnableThreadCreation:
4652438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
4662438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
4672438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4682438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4692438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfb000000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
4702438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4712438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4722438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4732438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfb000000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4742438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4752438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4762438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfb000000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4772438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfb000000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4782438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4792438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
4802438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
4812438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
4822438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
4832438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
4842438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4852438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4862438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
4872438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
4882438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
4892438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
4902438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'.
4912438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
4922438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
4932438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4942438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4952438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
4962438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
4972438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4982438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4992438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
5002438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
5012438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
5022438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
5032438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
5042438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5052438.2974: supR3HardenedDllNotificationCallback: load 00007ffd01c40000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
5062438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5072438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfe1a0000 LB 0x00010000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
5082438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
5092438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfe910000 LB 0x000f5000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
5102438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
5112438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
5122438.2974: supR3HardenedDllNotificationCallback: load 00007ffcff100000 LB 0x001c8000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
5132438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5142438.2974: supR3HardenedDllNotificationCallback: load 00007ffd01800000 LB 0x00121000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
5152438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5162438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfece0000 LB 0x00055000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
5172438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5182438.2974: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5192438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfeee0000 'api-ms-win-core-synch-l1-2-0'
5202438.2974: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5212438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfeee0000 'api-ms-win-core-fibers-l1-1-1'
5222438.2974: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5232438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfeee0000 'api-ms-win-core-fibers-l1-1-1'
5242438.2974: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5252438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfeee0000 'api-ms-win-core-synch-l1-2-0'
5262438.2974: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5272438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfeee0000 'api-ms-win-core-localization-l1-2-1'
5282438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfece0000 'C:\WINDOWS\system32\Wintrust.dll'
5292438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
5302438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
5312438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5322438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5332438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfdd80000 LB 0x0002b000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
5342438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5352438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdd80000 'C:\WINDOWS\system32\bcrypt.dll'
5362438.2974: bcrypt.dll loaded at 00007ffcfdd80000, BCryptOpenAlgorithmProvider at 00007ffcfdd84340, preloading providers:
5372438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
5382438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
5392438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5402438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfebc0000 LB 0x0006a000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
5412438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5422438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfebc0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
5432438.2974: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000e0e950)
5442438.2974: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000e0ff80)
5452438.2974: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000e10250)
5462438.2974: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000e10520)
5472438.2974: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000e107f0)
5482438.2974: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000e10ac0)
5492438.2974: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000e10d90)
5502438.2974: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000e11060)
5512438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5522438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5532438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfece0000 'C:\Windows\System32\WINTRUST.DLL'
5542438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5552438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5562438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfece0000 'C:\Windows\System32\WINTRUST.DLL'
5572438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5582438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5592438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfece0000 'C:\Windows\System32\WINTRUST.DLL'
5602438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5612438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5622438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfece0000 'C:\Windows\System32\WINTRUST.DLL'
5632438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5642438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5652438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfece0000 'C:\Windows\System32\WINTRUST.DLL'
5662438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5672438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5682438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfece0000 'C:\Windows\System32\WINTRUST.DLL'
5692438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5702438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5712438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfece0000 'C:\Windows\System32\WINTRUST.DLL'
5722438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
5732438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
5742438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfdc70000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
5752438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
5762438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
5772438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
5782438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
5792438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5802438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5812438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5822438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5832438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5842438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfdb50000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
5852438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5862438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
5872438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
5882438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
5892438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
5902438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfdc90000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
5912438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5922438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5932438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
5942438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
5952438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5962438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5972438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff2f0000 'C:\WINDOWS\System32\kernel32.dll'
5982438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5992438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfece0000 'C:\Windows\System32\WINTRUST.DLL'
6002438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6012438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6022438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\CRYPT32.dll'
6032438.2974: supR3HardenedDllNotificationCallback: load 00007ffcff2d0000 LB 0x0001c000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
6042438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
6052438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
6062438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6072438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6082438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
6092438.2974: supR3HardenedDllNotificationCallback: load 00007ffd015a0000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
6102438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
6112438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
6122438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
6132438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6142438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
6152438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
6162438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
6172438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfd0a0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
6182438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
6192438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfe1b0000 LB 0x00014000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
6202438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
6212438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
6222438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6232438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
6242438.2974: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
6252438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
6262438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6272438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6282438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6292438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6302438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6312438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6322438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6332438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6342438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6352438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6362438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6372438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6382438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6392438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6402438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6412438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6422438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6432438.2974: supR3HardenedDllNotificationCallback: load 00007ffce5660000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
6442438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6452438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6462438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6472438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5660000 'C:\WINDOWS\System32\cryptnet.dll'
6482438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6492438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6502438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5660000 'C:\WINDOWS\System32\cryptnet.dll'
6512438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6522438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6532438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5660000 'C:\WINDOWS\System32\cryptnet.dll'
6542438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6552438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6562438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5660000 'C:\WINDOWS\System32\cryptnet.dll'
6572438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6582438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6592438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5660000 'C:\WINDOWS\System32\cryptnet.dll'
6602438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6612438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6622438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5660000 'C:\WINDOWS\System32\cryptnet.dll'
6632438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6642438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5660000 'C:\WINDOWS\System32\cryptnet.dll'
6652438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6662438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5660000 'C:\WINDOWS\System32\cryptnet.dll'
6672438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6682438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5660000 'C:\WINDOWS\System32\cryptnet.dll'
6692438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6702438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5660000 'C:\WINDOWS\System32\cryptnet.dll'
6712438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6722438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5660000 'C:\WINDOWS\System32\cryptnet.dll'
6732438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5660000 'C:\WINDOWS\System32\cryptnet.dll'
6742438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6752438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce5660000 'C:\Windows\System32\cryptnet.dll'
6762438.2974: supR3HardenedDllNotificationCallback: load 00007ffd014f0000 LB 0x000a2000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
6772438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6782438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
6792438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
6802438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
6812438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
6822438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6832438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6842438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6852438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6862438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
6872438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
6882438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
6892438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6902438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6912438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6922438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6932438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
6942438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6952438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6962438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
6972438.2974: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
6982438.2974: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000e60f50
6992438.2974: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e60f50
7002438.2974: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AA01075C6593D97F18E3F56FB9B6F7A14850F6D2
7012438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7022438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7032438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd01800000 'C:\WINDOWS\System32\rpcrt4.dll'
7042438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7052438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfece0000 'C:\Windows\System32\WINTRUST.DLL'
7062438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7072438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfece0000 'C:\Windows\System32\WINTRUST.DLL'
7082438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7092438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfece0000 'C:\Windows\System32\WINTRUST.DLL'
7102438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7112438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfece0000 'C:\Windows\System32\WINTRUST.DLL'
7122438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7132438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfece0000 'C:\Windows\System32\WINTRUST.DLL'
7142438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7152438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfece0000 'C:\Windows\System32\WINTRUST.DLL'
7162438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7172438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7182438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfece0000 'C:\Windows\System32\WINTRUST.DLL'
7192438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7202438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7212438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
7222438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7232438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7242438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
7252438.2974: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2674_for_KB3194496~31bf3856ad364e35~amd64~~10.0.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
7262438.2974: g_pfnWinVerifyTrust=00007ffcfece7ff0
7272438.2974: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
7282438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7292438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7302438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
7312438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7322438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7332438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
7342438.2974: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
7352438.2974: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
7362438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7372438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7382438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
7392438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
7402438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7412438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
7422438.2974: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
7432438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7442438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7452438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
7462438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
7472438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
7482438.2974: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
7492438.2974: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e60f50
7502438.2974: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e60f50
7512438.2974: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2887B283709E29E7E5AD7830D0E43D33DF9C9C9B
7522438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7532438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
7542438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
7552438.2974: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
7562438.2974: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
7572438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
7582438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7592438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
7602438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
7612438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
7622438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7632438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
7642438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
7652438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
7662438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7672438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
7682438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
7692438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
7702438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7712438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
7722438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
7732438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
7742438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7752438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
7762438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
7772438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
7782438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7792438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
7802438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
7812438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7822438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
7832438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
7842438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
7852438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7862438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
7872438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
7882438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
7892438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
7902438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
7912438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
7922438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
7932438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
7942438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
7952438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
7962438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
7972438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
7982438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
7992438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
8002438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
8012438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
8022438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
8032438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
8042438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
8052438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
8062438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
8072438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
8082438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
8092438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
8102438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
8112438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
8122438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
8132438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
8142438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
8152438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
8162438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
8172438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\system32\crypt32.dll'
8182438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
8192438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x25e5a3bff915b700 C=CZ, O=ARTIN, spol. s r.o., CN=ARTIN CA 2, Email=artin@artin.cz
8202438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
8212438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
8222438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
8232438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x94fb3f125608a800 C=CZ, CN=I.CA - Standard Certification Authority, 09/2009, O=První certifikační autorita, a.s., OU=I.CA - Provider of Certification Services
8242438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
8252438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
8262438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xee38974ccd87e400 CN=ARTIN CA, O=ARTIN, spol. s r.o., L=Brno, ST=Czech Republic, C=CZ, Email=artin@artin.cz
8272438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xa5d61bfbb1edbf00 C=AT, OU=ENG Windows, O=Hutchison Drei Austria GmbH, CN=Hutchison Drei Austria Root CA
8282438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
8292438.2974: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: DC=Global, DC=Group, CN=Group.Global.IssuingCA
8302438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
8312438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x2fb8b6d690309b00 DC=Global, DC=Group, CN=Group.Global.RootCA
8322438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
8332438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
8342438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
8352438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
8362438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
8372438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
8382438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
8392438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
8402438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
8412438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
8422438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
8432438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
8442438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
8452438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
8462438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
8472438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
8482438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x6a4c39c4152dd100 C=CZ, CN=I.CA - Standard root certificate, O=Prvni certifikacni autorita a.s.
8492438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
8502438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xda5f1cc8fc5ca000 C=CZ, O=Česká pošta, s.p. [IČ 47114983], CN=PostSignum Root QCA 2
8512438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
8522438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
8532438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
8542438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
8552438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
8562438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
8572438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
8582438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
8592438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
8602438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
8612438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
8622438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
8632438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
8642438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
8652438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
8662438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
8672438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
8682438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
8692438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
8702438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
8712438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
8722438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
8732438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
8742438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
8752438.2974: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
8762438.2974: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=57
8772438.2974: SUPR3HardenedMain: Load Runtime...
8782438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
8792438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8802438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
8812438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
8822438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
8832438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
8842438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
8852438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8862438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8872438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
8882438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
8892438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
8902438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
8912438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
8922438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
8932438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
8942438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
8952438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
8962438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
8972438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8982438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8992438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
9002438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
9012438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
9022438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
9032438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
9042438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
9052438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
9062438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
9072438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
9082438.2974: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
9092438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
9102438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
9112438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
9122438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
9132438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
9142438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9152438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
9162438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
9172438.2974: supR3HardenedDllNotificationCallback: load 000000005beb0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
9182438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
9192438.2974: supR3HardenedDllNotificationCallback: load 000000005bf90000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
9202438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
9212438.2974: supR3HardenedDllNotificationCallback: load 00007ffd01020000 LB 0x0006a000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
9222438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
9232438.2974: supR3HardenedDllNotificationCallback: load 00007ffce8600000 LB 0x0051f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
9242438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9252438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
9262438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
9272438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9282438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9292438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9302438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9312438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9322438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9332438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9342438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9352438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9362438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9372438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9382438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9392438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9402438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9412438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9422438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9432438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9442438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9452438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9462438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9472438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9482438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9492438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9502438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9512438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9522438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9532438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9542438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9552438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9562438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9572438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9582438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9592438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9602438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9612438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9622438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9632438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9642438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9652438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9662438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9672438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9682438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9692438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9702438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
9712438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9722438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9732438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9742438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9752438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce8600000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9762438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfece0000 'C:\WINDOWS\system32\Wintrust.dll'
9772438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
9782438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
9792438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
9802438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9812438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
9822438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
9832438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\system32\crypt32.dll'
9842438.2974: SUPR3HardenedMain: Load TrustedMain...
9852438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
9862438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
9872438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
9882438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
9892438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
9902438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
9912438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
9922438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
9932438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
9942438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
9952438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
9962438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
9972438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
9982438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
9992438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
10002438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
10012438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
10022438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
10032438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
10042438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
10052438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
10062438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
10072438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
10082438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
10092438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
10102438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
10112438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
10122438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
10132438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10142438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10152438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
10162438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
10172438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
10182438.2974: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
10192438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10202438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
10212438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
10222438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10232438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10242438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
10252438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
10262438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
10272438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10282438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
10292438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
10302438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
10312438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
10322438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
10332438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
10342438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
10352438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
10362438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10372438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10382438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
10392438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
10402438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
10412438.2974: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
10422438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
10432438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'bcryptprimitives.dll'.
10442438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
10452438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
10462438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
10472438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
10482438.2974: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
10492438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
10502438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
10512438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
10522438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
10532438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
10542438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10552438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10562438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
10572438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
10582438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
10592438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
10602438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
10612438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'combase.dll'.
10622438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
10632438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
10642438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
10652438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
10662438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
10672438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
10682438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
10692438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10702438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10712438.2974: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
10722438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
10732438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
10742438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
10752438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
10762438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10772438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10782438.2974: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
10792438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
10802438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
10812438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10822438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10832438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10842438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10852438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10862438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
10872438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
10882438.2974: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
10892438.2974: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports
10902438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
10912438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
10922438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
10932438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
10942438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10952438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'user32.dll'.
10962438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #68 'gdi32.dll'.
10972438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
10982438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
10992438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11002438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11012438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
11022438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11032438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11042438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
11052438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11062438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11072438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11082438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11092438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11102438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
11112438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11122438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11132438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
11142438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
11152438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
11162438.2974: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
11172438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
11182438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
11192438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
11202438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
11212438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
11222438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
11232438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
11242438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
11252438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
11262438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
11272438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
11282438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11292438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11302438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11312438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11322438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11332438.2974: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
11342438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
11352438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
11362438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
11372438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
11382438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
11392438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
11402438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
11412438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
11422438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
11432438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
11442438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
11452438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
11462438.2974: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
11472438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
11482438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
11492438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
11502438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
11512438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp100.dll'.
11522438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
11532438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
11542438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
11552438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
11562438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
11572438.2974: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
11582438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
11592438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
11602438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
11612438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
11622438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
11632438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
11642438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
11652438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
11662438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11672438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11682438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11692438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11702438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11712438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
11722438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11732438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11742438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
11752438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
11762438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
11772438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
11782438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11792438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11802438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
11812438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11822438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11832438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11842438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11852438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11862438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11872438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11882438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11892438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
11902438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11912438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11922438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
11932438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11942438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11952438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
11962438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11972438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11982438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11992438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
12002438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
12012438.2974: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
12022438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12032438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
12042438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
12052438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
12062438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
12072438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
12082438.2974: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
12092438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
12102438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12112438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12122438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12132438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12142438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12152438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
12162438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
12172438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
12182438.2974: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
12192438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
12202438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
12212438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
12222438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
12232438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12242438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12252438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12262438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
12272438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12282438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12292438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
12302438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
12312438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
12322438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
12332438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12342438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12352438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
12362438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12372438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12382438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
12392438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
12402438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
12412438.2974: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
12422438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12432438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
12442438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
12452438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'dciman32.dll'.
12462438.2974: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)
12472438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
12482438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
12492438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
12502438.2974: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
12512438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12522438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
12532438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
12542438.2974: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
12552438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
12562438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12572438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12582438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12592438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12602438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12612438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
12622438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12632438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12642438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
12652438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12662438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12672438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
12682438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
12692438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
12702438.2974: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
12712438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12722438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12732438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
12742438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
12752438.2974: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
12762438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12772438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
12782438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
12792438.2974: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)
12802438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
12812438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12822438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12832438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12842438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12852438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12862438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
12872438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12882438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12892438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12902438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12912438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12922438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12932438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12942438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12952438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12962438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
12972438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
12982438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
12992438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
13002438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
13012438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
13022438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
13032438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
13042438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
13052438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
13062438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
13072438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13082438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13092438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
13102438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13112438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13122438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
13132438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
13142438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
13152438.2974: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
13162438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13172438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
13182438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'shlwapi.dll'.
13192438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
13202438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'comctl32.dll'.
13212438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'shell32.dll'.
13222438.2974: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)
13232438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
13242438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
13252438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
13262438.2974: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
13272438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13282438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'bcrypt.dll'.
13292438.2974: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
13302438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
13312438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13322438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13332438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
13342438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13352438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13362438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
13372438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13382438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13392438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
13402438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13412438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13422438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13432438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13442438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13452438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
13462438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
13472438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
13482438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13492438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13502438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13512438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13522438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
13532438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
13542438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
13552438.2974: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
13562438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
13572438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
13582438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
13592438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
13602438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
13612438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13622438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13632438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13642438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
13652438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
13662438.2974: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
13672438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13682438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
13692438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
13702438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
13712438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
13722438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13732438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13742438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13752438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13762438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13772438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13782438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13792438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13802438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13812438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13822438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13832438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13842438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13852438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13862438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13872438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13882438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13892438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13902438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
13912438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
13922438.2974: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
13932438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13942438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13952438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
13962438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
13972438.2974: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
13982438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13992438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14002438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
14012438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
14022438.2974: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
14032438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14042438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14052438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
14062438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
14072438.2974: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
14082438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14092438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14102438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
14112438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
14122438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
14132438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14142438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14152438.2974: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
14162438.2974: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000470 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
14172438.2974: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e60f50
14182438.2974: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e60f50
14192438.2974: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3ABE9A0F560416C701B358C7A044A7ADA2496E52
14202438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
14212438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
14222438.2974: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
14232438.2974: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14242438.2974: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
14252438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
14262438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
14272438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
14282438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
14292438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
14302438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14312438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
14322438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
14332438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
14342438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14352438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
14362438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
14372438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
14382438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
14392438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
14402438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
14412438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.0_none_4151bdeb4bbdd21f\comctl32.dll)
14422438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.0_none_4151bdeb4bbdd21f\comctl32.dll
14432438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
14442438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
14452438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfeba0000 LB 0x0001e000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
14462438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
14472438.2974: supR3HardenedDllNotificationCallback: load 00007ffcff900000 LB 0x00165000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
14482438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfea10000 LB 0x00182000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
14492438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'gdi32.dll'.
14502438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
14512438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'win32u.dll'.
14522438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32full.dll)
14532438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32full.dll
14542438.2974: supR3HardenedDllNotificationCallback: load 00007ffd00f80000 LB 0x00034000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
14552438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
14562438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfaff0000 LB 0x00008000 C:\WINDOWS\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
14572438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
14582438.2974: supR3HardenedDllNotificationCallback: load 00007ffce8500000 LB 0x000f7000 C:\WINDOWS\SYSTEM32\DDRAW.dll [fFlags=0x0]
14592438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
14602438.2974: supR3HardenedDllNotificationCallback: load 00007ffcebb00000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
14612438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14622438.2974: supR3HardenedDllNotificationCallback: load 00007ffcebb90000 LB 0x00123000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
14632438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
14642438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfedf0000 LB 0x00042000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
14652438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
14662438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
14672438.2974: supR3HardenedDllNotificationCallback: load 00007ffcff630000 LB 0x002c7000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
14682438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
14692438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfe1d0000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
14702438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
14712438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
14722438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
14732438.2974: supR3HardenedDllNotificationCallback: load 00007ffd01930000 LB 0x00052000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
14742438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
14752438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfe220000 LB 0x0000f000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
14762438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
14772438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
14782438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
14792438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
14802438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfec30000 LB 0x000a9000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
14812438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14822438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
14832438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'.
14842438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
14852438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
14862438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfe230000 LB 0x006da000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
14872438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14882438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
14892438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'combase.dll'.
14902438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'profapi.dll'.
14912438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
14922438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
14932438.2974: supR3HardenedDllNotificationCallback: load 00007ffcffa70000 LB 0x01508000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
14942438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
14952438.2974: supR3HardenedDllNotificationCallback: load 00007ffd01b00000 LB 0x00137000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
14962438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
14972438.2974: supR3HardenedDllNotificationCallback: load 00007ffceac50000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
14982438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
14992438.2974: supR3HardenedDllNotificationCallback: load 000000005b950000 LB 0x00553000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
15002438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15012438.2974: supR3HardenedDllNotificationCallback: load 00007ffcc6db0000 LB 0x005a1000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
15022438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
15032438.2974: supR3HardenedDllNotificationCallback: load 000000005b400000 LB 0x0054f000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
15042438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
15052438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfa9d0000 LB 0x00085000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
15062438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
15072438.2974: supR3HardenedDllNotificationCallback: load 00007ffcf9640000 LB 0x000ac000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.0_none_4151bdeb4bbdd21f\COMCTL32.dll [fFlags=0x0]
15082438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.0_none_4151bdeb4bbdd21f\comctl32.dll [avoiding WinVerifyTrust]
15092438.2974: supR3HardenedDllNotificationCallback: load 00007ffd01990000 LB 0x000fa000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
15102438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
15112438.2974: supR3HardenedDllNotificationCallback: load 00007ffcebb30000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
15122438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
15132438.2974: supR3HardenedDllNotificationCallback: load 000000005b3a0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
15142438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
15152438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfee40000 LB 0x0009c000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
15162438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
15172438.2974: supR3HardenedDllNotificationCallback: load 00007ffcff570000 LB 0x000bf000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
15182438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
15192438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfc240000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
15202438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
15212438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfc380000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
15222438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
15232438.2974: supR3HardenedDllNotificationCallback: load 00007ffcc7360000 LB 0x008e3000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
15242438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
15252438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'.
15262438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' [rescheduled]
15272438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'.
15282438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' [rescheduled]
15292438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'.
15302438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' [rescheduled]
15312438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
15322438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
15332438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
15342438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled]
15352438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
15362438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
15372438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.0_none_4151bdeb4bbdd21f\comctl32.dll'.
15382438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.0_none_4151bdeb4bbdd21f\comctl32.dll' [rescheduled]
15392438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
15402438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rescheduled]
15412438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
15422438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rescheduled]
15432438.2974: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
15442438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rescheduled]
15452438.2974: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
15462438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rescheduled]
15472438.2974: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
15482438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rescheduled]
15492438.2974: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
15502438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
15512438.2974: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
15522438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rescheduled]
15532438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
15542438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
15552438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
15562438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
15572438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
15582438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
15592438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
15602438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
15612438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
15622438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
15632438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
15642438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
15652438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
15662438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
15672438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'win32u.dll'.
15682438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
15692438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
15702438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
15712438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
15722438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
15732438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
15742438.2974: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
15752438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15762438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15772438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
15782438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
15792438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
15802438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15812438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15822438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
15832438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
15842438.2974: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
15852438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15862438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15872438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15882438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15892438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15902438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15912438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
15922438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
15932438.2974: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
15942438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15952438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15962438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15972438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15982438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
15992438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16002438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16012438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16022438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16032438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16042438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16052438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
16062438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
16072438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
16082438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
16092438.2974: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
16102438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16112438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16122438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
16132438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16142438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16152438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
16162438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
16172438.2974: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
16182438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16192438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16202438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16212438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16222438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
16232438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
16242438.2974: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
16252438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16262438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16272438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
16282438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
16292438.2974: supR3HardenedDllNotificationCallback: load 00007ffd01090000 LB 0x0002e000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
16302438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
16312438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd01090000 'C:\WINDOWS\system32\IMM32.DLL'
16322438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
16332438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
16342438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
16352438.2974: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
16362438.2974: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\imm32.dll
16372438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16382438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd01090000 'C:\WINDOWS\System32\imm32.dll'
16392438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
16402438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16412438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff2f0000 'C:\WINDOWS\System32\kernel32.dll'
16422438.2974: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16432438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfeee0000 'api-ms-win-core-string-l1-1-0'
16442438.2974: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16452438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfeee0000 'api-ms-win-core-datetime-l1-1-1'
16462438.2974: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16472438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfeee0000 'api-ms-win-core-localization-obsolete-l1-2-0'
16482438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
16492438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16502438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd014f0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
16512438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc7360000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
16522438.2974: SUPR3HardenedMain: Calling TrustedMain (00007ffcc7361610)...
16532438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16542438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16552438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcffa70000 'C:\WINDOWS\system32\shell32.dll'
16562438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
16572438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
16582438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'imm32.dll'.
16592438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'winmm.dll'.
16602438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
16612438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
16622438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
16632438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
16642438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
16652438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
16662438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
16672438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
16682438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
16692438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
16702438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16712438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16722438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16732438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16742438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16752438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16762438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16772438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16782438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16792438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16802438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16812438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16822438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
16832438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
16842438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
16852438.2974: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
16862438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16872438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16882438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
16892438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16902438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16912438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16922438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16932438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16942438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
16952438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
16962438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
16972438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
16982438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
16992438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
17002438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
17012438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
17022438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
17032438.2974: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
17042438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17052438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17062438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
17072438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17082438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
17092438.2974: supR3HardenedDllNotificationCallback: load 00007ffccb380000 LB 0x00127000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
17102438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
17112438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccb380000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
17122438.2974: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000650 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
17132438.2974: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e60f50
17142438.2974: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e60f50
17152438.2974: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5062D9B170D174E6DFFCD301D2C820A76C92F7CA
17162438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
17172438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
17182438.2974: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
17192438.2974: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17202438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17212438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
17222438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
17232438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
17242438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
17252438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17262438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17272438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17282438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17292438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
17302438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17312438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17322438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17332438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
17342438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfc930000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
17352438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
17362438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfc930000 'C:\WINDOWS\system32\uxtheme.dll'
17372438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff900000 'C:\WINDOWS\system32\user32.dll'
17382438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
17392438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17402438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcffa70000 'C:\WINDOWS\system32\shell32.dll'
17412438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
17422438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
17432438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
17442438.2974: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
17452438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17462438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfec30000 'C:\WINDOWS\system32\SHCore.dll'
17472438.2974: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
17482438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17492438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
17502438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17512438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'win32u.dll'.
17522438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'user32.dll'.
17532438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'gdi32.dll'.
17542438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
17552438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17562438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfbad0000 LB 0x00026000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
17572438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
17582438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17592438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17602438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17612438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17622438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
17632438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
17642438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
17652438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17662438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17672438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
17682438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
17692438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
17702438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
17712438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17722438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfc380000 'C:\WINDOWS\system32\winmm.dll'
17732438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
17742438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17752438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfc380000 'C:\WINDOWS\system32\winmm.dll'
17762438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
17772438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17782438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcffa70000 'C:\WINDOWS\system32\shell32.dll'
17792438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
17802438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17812438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfc930000 'C:\WINDOWS\system32\uxtheme.dll'
17822438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
17832438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17842438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd014f0000 'C:\WINDOWS\system32\advapi32.dll'
17852438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
17862438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
17872438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
17882438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'profapi.dll'.
17892438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
17902438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
17912438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
17922438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
17932438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
17942438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17952438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17962438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17972438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
17982438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfd850000 LB 0x0001f000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
17992438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
18002438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfd850000 'C:\WINDOWS\system32\userenv.dll'
18012438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
18022438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18032438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff2f0000 'C:\WINDOWS\System32\kernel32.dll'
18042438.2974: supR3HardenedDllNotificationCallback: load 00007ffd01760000 LB 0x0009f000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
18052438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18062438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
18072438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
18082438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
18092438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18102438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18112438.4a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
18122438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18132438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18142438.4a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
18152438.4a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
18162438.4a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
18172438.4a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
18182438.4a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18192438.4a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
18202438.4a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
18212438.4a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
18222438.4a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
18232438.4a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
18242438.4a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
18252438.4a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
18262438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18272438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18282438.4a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18292438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18302438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18312438.4a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18322438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18332438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18342438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18352438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18362438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18372438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18382438.4a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
18392438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18402438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18412438.4a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
18422438.4a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
18432438.4a8: supR3HardenedDllNotificationCallback: load 00007ffcc68b0000 LB 0x004f5000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
18442438.4a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
18452438.4a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc68b0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
18462438.4a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
18472438.4a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18482438.4a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
18492438.4a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
18502438.4a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
18512438.4a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
18522438.4a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
18532438.4a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
18542438.4a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
18552438.4a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
18562438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18572438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18582438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18592438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18602438.4a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18612438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18622438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18632438.4a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18642438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
18652438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
18662438.4a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
18672438.4a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
18682438.4a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
18692438.4a8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
18702438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18712438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18722438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18732438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18742438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18752438.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18762438.4a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
18772438.4a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
18782438.4a8: supR3HardenedDllNotificationCallback: load 00007ffccb2c0000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
18792438.4a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
18802438.4a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffccb2c0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
18812438.4a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18822438.4a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
18832438.4a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff570000 'C:\Windows\System32\oleaut32.dll'
18842438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd00f80000 'C:\WINDOWS\system32\gdi32.dll'
18852438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcffa70000 'C:\WINDOWS\system32\shell32.dll'
18862438.2974: supR3HardenedDllNotificationCallback: load 00007ffd01600000 LB 0x0015b000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
18872438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18882438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
18892438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'user32.dll'.
18902438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
18912438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'imm32.dll'.
18922438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
18932438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
18942438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
18952438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
18962438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
18972438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18982438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18992438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19002438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19012438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19022438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19032438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
19042438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19052438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19062438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
19072438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
19082438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
19092438.2974: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000984 pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
19102438.2974: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e60f50
19112438.2974: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e60f50
19122438.2974: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F41B1C1088B7141EC40BC3A829C8A08D763971F
19132438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
19142438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
19152438.2974: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_890_for_KB3194496~31bf3856ad364e35~amd64~~10.0.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
19162438.2974: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19172438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19182438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
19192438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
19202438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
19212438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
19222438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
19232438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
19242438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
19252438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
19262438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
19272438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
19282438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
19292438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
19302438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
19312438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
19322438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
19332438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
19342438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19352438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19362438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19372438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19382438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19392438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
19402438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
19412438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19422438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
19432438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'win32u.dll'.
19442438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
19452438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
19462438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
19472438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
19482438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
19492438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19502438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19512438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19522438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
19532438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
19542438.2974: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
19552438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19562438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
19572438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll)
19582438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
19592438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19602438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19612438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19622438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19632438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19642438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19652438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19662438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
19672438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
19682438.2974: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
19692438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
19702438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
19712438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
19722438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19732438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19742438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
19752438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
19762438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
19772438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
19782438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
19792438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfd130000 LB 0x0009f000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
19802438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
19812438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfa710000 LB 0x002b6000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
19822438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
19832438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfbd20000 LB 0x00151000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
19842438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
19852438.2974: supR3HardenedDllNotificationCallback: load 00007ffce9580000 LB 0x00049000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
19862438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
19872438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffce9580000 'C:\WINDOWS\system32\dataexchange.dll'
19882438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
19892438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
19902438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'
19912438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19922438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
19932438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'.
19942438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
19952438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
19962438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
19972438.2974: supR3HardenedDllNotificationCallback: load 00007ffcfcc00000 LB 0x0011c000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
19982438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
19992438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20002438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20012438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
20022438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
20032438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
20042438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
20052438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20062438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20072438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20082438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20092438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
20102438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
20112438.2974: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
20122438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20132438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20142438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd01b00000 'C:\WINDOWS\System32\ole32.dll'
20152438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20162438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20172438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff570000 'C:\WINDOWS\System32\OLEAUT32.dll'
20182438.2974: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a28 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20192438.2974: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e60f50
20202438.2974: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e60f50
20212438.2974: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A290917802D4CF47EA48D3329EF360233350A583
20222438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
20232438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20242438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
20252438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
20262438.2974: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
20272438.2974: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20282438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20292438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
20302438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
20312438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
20322438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20332438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
20342438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
20352438.2974: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a20 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20362438.2974: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e60f50
20372438.2974: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e60f50
20382438.2974: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9C43FEE2E561B2B0F306322C4D857AFC8E83D17B
20392438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
20402438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
20412438.2974: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
20422438.2974: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20432438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20442438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
20452438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
20462438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
20472438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20482438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20492438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20502438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
20512438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20522438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20532438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20542438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20552438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
20562438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
20572438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
20582438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
20592438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20602438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20612438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
20622438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20632438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20642438.2974: supR3HardenedDllNotificationCallback: load 00007ffcf53a0000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
20652438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
20662438.2974: supR3HardenedDllNotificationCallback: load 00007ffcf5020000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
20672438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20682438.2974: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20692438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfeee0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
20702438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf5020000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
20712438.2974: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000994 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
20722438.2974: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e60f50
20732438.2974: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e60f50
20742438.2974: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CD02F2EC1572091695F4D052CCF68BAA380A2D88
20752438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
20762438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
20772438.2974: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
20782438.2974: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20792438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20802438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
20812438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
20822438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
20832438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20842438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20852438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20862438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20872438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
20882438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
20892438.2974: supR3HardenedDllNotificationCallback: load 00007ffcf4910000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
20902438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
20912438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf4910000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
20922438.2974: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20932438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfeee0000 'api-ms-win-core-localization-l1-2-0.dll'
20942438.2974: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20952438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfeee0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
20962438.2974: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a74 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
20972438.2974: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e60f50
20982438.2974: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e60f50
20992438.2974: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=37158B4AFADBDB40075A00539346B570E4EDE30C
21002438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
21012438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
21022438.2974: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
21032438.2974: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21042438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21052438.2974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
21062438.2974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
21072438.2974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
21082438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
21092438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
21102438.2974: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21112438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21122438.2974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21132438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21142438.2974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
21152438.2974: supR3HardenedDllNotificationCallback: load 00007ffcf52a0000 LB 0x000f4000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
21162438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
21172438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf52a0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
21182438.2fac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
21192438.2fac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21202438.2fac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
21212438.2fac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21222438.2fac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
21232438.2fac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21242438.2fac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21252438.2fac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21262438.2fac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
21272438.2fac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
21282438.2fac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
21292438.2fac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
21302438.2fac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
21312438.2fac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
21322438.2fac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
21332438.2fac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
21342438.2fac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21352438.2fac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21362438.2fac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21372438.2fac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21382438.2fac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
21392438.2fac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
21402438.2fac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21412438.2fac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21422438.2fac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21432438.2fac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21442438.2fac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21452438.2fac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
21462438.2fac: supR3HardenedDllNotificationCallback: load 000000005b240000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
21472438.2fac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
21482438.2fac: supR3HardenedDllNotificationCallback: load 00007ffcc2550000 LB 0x0029a000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
21492438.2fac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21502438.2fac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc2550000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
21512438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
21522438.15f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b2c pwszName=\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
21532438.15f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e60f50
21542438.15f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e60f50
21552438.15f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E89F511511564E574C5A23BC2CF8523E55A3124
21562438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
21572438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
21582438.15f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll'
21592438.15f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21602438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21612438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
21622438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'oleaut32.dll'.
21632438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'ws2_32.dll'.
21642438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'netsetupapi.dll'.
21652438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'setupapi.dll'.
21662438.15f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll) WinVerifyTrust
21672438.15f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
21682438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
21692438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
21702438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
21712438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
21722438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21732438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
21742438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'cfgmgr32.dll'.
21752438.15f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
21762438.15f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
21772438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
21782438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
21792438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
21802438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
21812438.15f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
21822438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21832438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21842438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21852438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21862438.15f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
21872438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
21882438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
21892438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21902438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
21912438.15f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll) WinVerifyTrust
21922438.15f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
21932438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21942438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21952438.15f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
21962438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21972438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21982438.15f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21992438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22002438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22012438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22022438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22032438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22042438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22052438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22062438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22072438.15f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22082438.15f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
22092438.15f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
22102438.15f8: supR3HardenedDllNotificationCallback: load 00007ffcf4640000 LB 0x00027000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
22112438.15f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
22122438.15f8: supR3HardenedDllNotificationCallback: load 00007ffd010c0000 LB 0x00429000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
22132438.15f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
22142438.15f8: supR3HardenedDllNotificationCallback: load 00007ffcf42e0000 LB 0x0007c000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
22152438.15f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
22162438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf42e0000 'C:\Windows\System32\NetSetupShim.dll'
22172438.1b00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
22182438.1b00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22192438.1b00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
22202438.1b00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22212438.1b00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
22222438.1b00: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
22232438.1b00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22242438.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22252438.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22262438.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22272438.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22282438.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
22292438.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
22302438.1b00: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22312438.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22322438.1b00: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22332438.1b00: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22342438.1b00: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22352438.1b00: supR3HardenedDllNotificationCallback: load 00007ffcfafe0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
22362438.1b00: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22372438.1b00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfafe0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
22382438.1b00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff900000 'C:\WINDOWS\system32\User32.dll'
22392438.d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
22402438.d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22412438.d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22422438.d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22432438.d0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
22442438.d0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
22452438.d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22462438.d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22472438.d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22482438.d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22492438.d0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
22502438.d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22512438.d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22522438.d0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22532438.d0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
22542438.d0: supR3HardenedDllNotificationCallback: load 00007ffcebaf0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
22552438.d0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
22562438.d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcebaf0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
22572438.103c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
22582438.103c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22592438.103c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22602438.103c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22612438.103c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
22622438.103c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
22632438.103c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22642438.103c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22652438.103c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22662438.103c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22672438.103c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
22682438.103c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22692438.103c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22702438.103c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22712438.103c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
22722438.103c: supR3HardenedDllNotificationCallback: load 00007ffceb950000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
22732438.103c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
22742438.103c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffceb950000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
22752438.1008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
22762438.1008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22772438.1008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22782438.1008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22792438.1008: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
22802438.1008: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
22812438.1008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22822438.1008: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22832438.1008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22842438.1008: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22852438.1008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22862438.1008: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22872438.1008: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
22882438.1008: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22892438.1008: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
22902438.1008: supR3HardenedDllNotificationCallback: load 00007ffceb940000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
22912438.1008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
22922438.1008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffceb940000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
22932438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcffa70000 'C:\WINDOWS\system32\Shell32.dll'
22942438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
22952438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
22962438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22972438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
22982438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22992438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
23002438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
23012438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
23022438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
23032438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
23042438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
23052438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
23062438.15f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
23072438.15f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
23082438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
23092438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
23102438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
23112438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
23122438.15f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
23132438.15f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
23142438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23152438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23162438.15f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
23172438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23182438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23192438.15f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
23202438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23212438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23222438.15f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
23232438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23242438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23252438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
23262438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
23272438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
23282438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23292438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23302438.15f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
23312438.15f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
23322438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
23332438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
23342438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23352438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23362438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23372438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23382438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
23392438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23402438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23412438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
23422438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
23432438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
23442438.15f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
23452438.15f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
23462438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23472438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23482438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23492438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23502438.15f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23512438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23522438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23532438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23542438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23552438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23562438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23572438.15f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
23582438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23592438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23602438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23612438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23622438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23632438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23642438.15f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23652438.15f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
23662438.15f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
23672438.15f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
23682438.15f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
23692438.15f8: supR3HardenedDllNotificationCallback: load 00007ffce84a0000 LB 0x00057000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
23702438.15f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
23712438.15f8: supR3HardenedDllNotificationCallback: load 00007ffcc1c20000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
23722438.15f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
23732438.15f8: supR3HardenedDllNotificationCallback: load 00007ffcfd760000 LB 0x00038000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
23742438.15f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
23752438.15f8: supR3HardenedDllNotificationCallback: load 00007ffcc1c80000 LB 0x008c7000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
23762438.15f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
23772438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc1c80000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
23782438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
23792438.15f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
23802438.15f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23812438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc68b0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
23822438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
23832438.15f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
23842438.15f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23852438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcc1c20000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
23862438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
23872438.157c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
23882438.157c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23892438.157c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
23902438.157c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23912438.157c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
23922438.157c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
23932438.157c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23942438.157c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23952438.157c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23962438.157c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23972438.157c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23982438.157c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23992438.157c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24002438.157c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24012438.157c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
24022438.157c: supR3HardenedDllNotificationCallback: load 00007ffceb880000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
24032438.157c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
24042438.157c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffceb880000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
24052438.15f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
24062438.15f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24072438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfd760000 'C:\WINDOWS\system32\Iphlpapi.dll'
24082438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
24092438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
24102438.15f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)
24112438.15f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
24122438.15f8: supR3HardenedDllNotificationCallback: load 00007ffcff3c0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
24132438.15f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
24142438.15f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
24152438.15f8: supR3HardenedDllNotificationCallback: load 00007ffcf82c0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
24162438.15f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
24172438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
24182438.15f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll)
24192438.15f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
24202438.15f8: supR3HardenedDllNotificationCallback: load 00007ffcf9550000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
24212438.15f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
24222438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
24232438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
24242438.15f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
24252438.15f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll)
24262438.15f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
24272438.15f8: supR3HardenedDllNotificationCallback: load 00007ffcf9530000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
24282438.15f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
24292438.15f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e18 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
24302438.15f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e60f50
24312438.15f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e60f50
24322438.15f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D280CDF967AD5FF8409BEF96F4C54C1E47D620AC
24332438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
24342438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
24352438.15f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
24362438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24372438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24382438.15f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
24392438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24402438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24412438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24422438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24432438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
24442438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
24452438.15f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
24462438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24472438.15f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24482438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
24492438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
24502438.15f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
24512438.15f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24522438.15f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
24532438.15f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e10 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
24542438.15f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e60f50
24552438.15f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e60f50
24562438.15f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2D1E4C0F8001689DAD3880BC6AABF203D6F2118
24572438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
24582438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
24592438.15f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
24602438.15f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24612438.15f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
24622438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
24632438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
24642438.15f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
24652438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
24662438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
24672438.15f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
24682438.15f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
24692438.15f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24702438.15f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff2f0000 'C:\WINDOWS\system32\kernel32.dll'
24712438.bbc: '\Device\HarddiskVolume2\Windows\System32\tzres.dll' has no imports
24722438.bbc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\tzres.dll)
24732438.bbc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\tzres.dll
24742438.bbc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
24752438.bbc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f98 pwszName=\Device\HarddiskVolume2\Windows\System32\tzres.dll
24762438.bbc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e60f50
24772438.bbc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e60f50
24782438.bbc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfece0000 'C:\Windows\System32\WINTRUST.DLL'
24792438.bbc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
24802438.bbc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
24812438.bbc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\CRYPT32.dll'
24822438.bbc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=95BFFD77998D669806D4A0BEB8CF49EAB1A25F0B
24832438.bbc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
24842438.bbc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
24852438.bbc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_967_for_KB3194496~31bf3856ad364e35~amd64~~10.0.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\tzres.dll'
24862438.bbc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24872438.bbc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\tzres.dll'
24882438.bbc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfdb50000 'C:\WINDOWS\system32\rsaenh.dll'
24892438.bbc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff100000 'C:\WINDOWS\System32\crypt32.dll'
24902438.bbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ws2_32.dll'.
24912438.bbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
24922438.bbc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll) WinVerifyTrust
24932438.bbc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll
24942438.bbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24952438.bbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24962438.bbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24972438.bbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24982438.bbc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
24992438.bbc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25002438.bbc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
25012438.bbc: supR3HardenedDllNotificationCallback: load 00007ffcfd9d0000 LB 0x0005c000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
25022438.bbc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
25032438.bbc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcfd9d0000 'C:\WINDOWS\system32\mswsock.dll'
25042438.2974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
25052438.2974: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
25062438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd01600000 'C:\WINDOWS\System32\MSCTF.dll'
25072438.2974: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-kernel32-errorhandling-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25082438.2974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcff2f0000 'ext-ms-win-kernel32-errorhandling-l1-1-0.dll'
25092438.1448: supR3HardenedDllNotificationCallback: Unload 00007ffcf42e0000 LB 0x0007c000 C:\Windows\System32\NetSetupShim.dll [flags=0x0]
25102438.1448: supR3HardenedDllNotificationCallback: Unload 00007ffcf4640000 LB 0x00027000 C:\Windows\System32\NetSetupApi.dll [flags=0x0]
25111f50.2668: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1672322 ms, the end);
251256c.2aa4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1673033 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy