VirtualBox

Ticket #16807: VBoxHardening.log

File VBoxHardening.log, 295.7 KB (added by ManWithNoName, 7 years ago)
Line 
12d40.2df4: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03ad700
22d40.2df4: \SystemRoot\System32\ntdll.dll:
32d40.2df4: CreationTime: 2017-03-18T20:57:39.201977500Z
42d40.2df4: LastWriteTime: 2017-03-18T20:57:39.201977500Z
52d40.2df4: ChangeTime: 2017-05-19T00:30:22.496636900Z
62d40.2df4: FileAttributes: 0x20
72d40.2df4: Size: 0x1d7450
82d40.2df4: NT Headers: 0xe0
92d40.2df4: Timestamp: 0xb79b6ddb
102d40.2df4: Machine: 0x8664 - amd64
112d40.2df4: Timestamp: 0xb79b6ddb
122d40.2df4: Image Version: 10.0
132d40.2df4: SizeOfImage: 0x1db000 (1945600)
142d40.2df4: Resource Dir: 0x170000 LB 0x69398
152d40.2df4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
162d40.2df4: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
172d40.2df4: ProductName: Microsoft® Windows® Operating System
182d40.2df4: ProductVersion: 10.0.15063.0
192d40.2df4: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
202d40.2df4: FileDescription: NT Layer DLL
212d40.2df4: \SystemRoot\System32\kernel32.dll:
222d40.2df4: CreationTime: 2017-05-19T00:38:27.082547500Z
232d40.2df4: LastWriteTime: 2017-05-19T00:38:27.082547500Z
242d40.2df4: ChangeTime: 2017-05-18T23:41:05.710795600Z
252d40.2df4: FileAttributes: 0x20
262d40.2df4: Size: 0xad068
272d40.2df4: NT Headers: 0xf8
282d40.2df4: Timestamp: 0xf5fa43df
292d40.2df4: Machine: 0x8664 - amd64
302d40.2df4: Timestamp: 0xf5fa43df
312d40.2df4: Image Version: 10.0
322d40.2df4: SizeOfImage: 0xae000 (712704)
332d40.2df4: Resource Dir: 0xac000 LB 0x520
342d40.2df4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
352d40.2df4: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
362d40.2df4: ProductName: Microsoft® Windows® Operating System
372d40.2df4: ProductVersion: 10.0.15063.296
382d40.2df4: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
392d40.2df4: FileDescription: Windows NT BASE API Client DLL
402d40.2df4: \SystemRoot\System32\KernelBase.dll:
412d40.2df4: CreationTime: 2017-05-19T00:38:27.113762500Z
422d40.2df4: LastWriteTime: 2017-05-19T00:38:27.113762500Z
432d40.2df4: ChangeTime: 2017-05-18T23:41:06.036414800Z
442d40.2df4: FileAttributes: 0x20
452d40.2df4: Size: 0x249df0
462d40.2df4: NT Headers: 0x100
472d40.2df4: Timestamp: 0xa0527b0c
482d40.2df4: Machine: 0x8664 - amd64
492d40.2df4: Timestamp: 0xa0527b0c
502d40.2df4: Image Version: 10.0
512d40.2df4: SizeOfImage: 0x249000 (2396160)
522d40.2df4: Resource Dir: 0x22a000 LB 0x548
532d40.2df4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
542d40.2df4: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
552d40.2df4: ProductName: Microsoft® Windows® Operating System
562d40.2df4: ProductVersion: 10.0.15063.296
572d40.2df4: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
582d40.2df4: FileDescription: Windows NT BASE API Client DLL
592d40.2df4: \SystemRoot\System32\apisetschema.dll:
602d40.2df4: CreationTime: 2017-03-18T20:57:35.373527900Z
612d40.2df4: LastWriteTime: 2017-03-18T20:57:35.373527900Z
622d40.2df4: ChangeTime: 2017-05-19T00:30:20.262028800Z
632d40.2df4: FileAttributes: 0x20
642d40.2df4: Size: 0x1ada0
652d40.2df4: NT Headers: 0xc0
662d40.2df4: Timestamp: 0x76544b2
672d40.2df4: Machine: 0x8664 - amd64
682d40.2df4: Timestamp: 0x76544b2
692d40.2df4: Image Version: 10.0
702d40.2df4: SizeOfImage: 0x1b000 (110592)
712d40.2df4: Resource Dir: 0x1a000 LB 0x408
722d40.2df4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
732d40.2df4: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
742d40.2df4: ProductName: Microsoft® Windows® Operating System
752d40.2df4: ProductVersion: 10.0.15063.0
762d40.2df4: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
772d40.2df4: FileDescription: ApiSet Schema DLL
782d40.2df4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
792d40.2df4: supR3HardenedWinFindAdversaries: 0x40
802d40.2df4: \SystemRoot\System32\drivers\kl1.sys:
812d40.2df4: CreationTime: 2015-09-11T19:30:40.000000000Z
822d40.2df4: LastWriteTime: 2015-09-11T19:30:40.000000000Z
832d40.2df4: ChangeTime: 2017-05-18T23:45:21.767616300Z
842d40.2df4: FileAttributes: 0x20
852d40.2df4: Size: 0x74cb8
862d40.2df4: NT Headers: 0xe8
872d40.2df4: Timestamp: 0x558314c5
882d40.2df4: Machine: 0x8664 - amd64
892d40.2df4: Timestamp: 0x558314c5
902d40.2df4: Image Version: 0.0
912d40.2df4: SizeOfImage: 0x762000 (7741440)
922d40.2df4: Resource Dir: 0x760000 LB 0x448
932d40.2df4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x419)]
942d40.2df4: [Raw version resource data: 0x760060 LB 0x3e8, codepage 0x0 (reserved 0x0)]
952d40.2df4: ProductName: Kaspersky Anti-Virus
962d40.2df4: ProductVersion: 6.0.1.990
972d40.2df4: FileVersion: 6.8.0.54
982d40.2df4: FileDescription: Kaspersky Unified Driver
992d40.2df4: \SystemRoot\System32\drivers\klflt.sys:
1002d40.2df4: CreationTime: 2016-12-21T21:57:14.482594600Z
1012d40.2df4: LastWriteTime: 2017-04-18T22:34:02.291674800Z
1022d40.2df4: ChangeTime: 2017-05-18T23:45:21.783244000Z
1032d40.2df4: FileAttributes: 0x20
1042d40.2df4: Size: 0x2d7f0
1052d40.2df4: NT Headers: 0x100
1062d40.2df4: Timestamp: 0x586383b2
1072d40.2df4: Machine: 0x8664 - amd64
1082d40.2df4: Timestamp: 0x586383b2
1092d40.2df4: Image Version: 6.2
1102d40.2df4: SizeOfImage: 0x39000 (233472)
1112d40.2df4: Resource Dir: 0x37000 LB 0x418
1122d40.2df4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1132d40.2df4: [Raw version resource data: 0x37060 LB 0x3b8, codepage 0x0 (reserved 0x0)]
1142d40.2df4: ProductName: System Interceptors PDK
1152d40.2df4: ProductVersion: 11.0.47.0
1162d40.2df4: FileVersion: 11.0.47.0
1172d40.2df4: FileDescription: Filter Core [fre_win8_x64]
1182d40.2df4: \SystemRoot\System32\drivers\klif.sys:
1192d40.2df4: CreationTime: 2016-12-21T21:57:14.467000200Z
1202d40.2df4: LastWriteTime: 2017-04-18T22:34:02.419214000Z
1212d40.2df4: ChangeTime: 2017-05-18T23:45:21.783244000Z
1222d40.2df4: FileAttributes: 0x20
1232d40.2df4: Size: 0xf49f0
1242d40.2df4: NT Headers: 0x118
1252d40.2df4: Timestamp: 0x58d6af7b
1262d40.2df4: Machine: 0x8664 - amd64
1272d40.2df4: Timestamp: 0x58d6af7b
1282d40.2df4: Image Version: 6.2
1292d40.2df4: SizeOfImage: 0xf9000 (1019904)
1302d40.2df4: Resource Dir: 0xf6000 LB 0x1ae0
1312d40.2df4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1322d40.2df4: [Raw version resource data: 0xf6110 LB 0x3d8, codepage 0x0 (reserved 0x0)]
1332d40.2df4: ProductName: System Interceptors PDK
1342d40.2df4: ProductVersion: 11.0.286.0
1352d40.2df4: FileVersion: 11.0.286.0
1362d40.2df4: FileDescription: Core System Interceptors [fre_win8_x64]
1372d40.2df4: \SystemRoot\System32\drivers\klim6.sys:
1382d40.2df4: CreationTime: 2016-04-29T00:52:56.000000000Z
1392d40.2df4: LastWriteTime: 2016-04-29T00:52:56.000000000Z
1402d40.2df4: ChangeTime: 2017-05-18T23:45:21.783244000Z
1412d40.2df4: FileAttributes: 0x20
1422d40.2df4: Size: 0xc858
1432d40.2df4: NT Headers: 0xf8
1442d40.2df4: Timestamp: 0x56d0555d
1452d40.2df4: Machine: 0x8664 - amd64
1462d40.2df4: Timestamp: 0x56d0555d
1472d40.2df4: Image Version: 6.2
1482d40.2df4: SizeOfImage: 0xb000 (45056)
1492d40.2df4: Resource Dir: 0x9000 LB 0x430
1502d40.2df4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1512d40.2df4: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
1522d40.2df4: ProductName: System Interceptors PDK
1532d40.2df4: ProductVersion: 11.0.0.12
1542d40.2df4: FileVersion: 11.0.0.12
1552d40.2df4: FileDescription: Packet Network Filter [fre_win8_x64]
1562d40.2df4: \SystemRoot\System32\drivers\klkbdflt.sys:
1572d40.2df4: CreationTime: 2015-11-11T11:04:20.000000000Z
1582d40.2df4: LastWriteTime: 2015-11-11T11:04:20.000000000Z
1592d40.2df4: ChangeTime: 2017-05-18T23:45:21.783244000Z
1602d40.2df4: FileAttributes: 0x20
1612d40.2df4: Size: 0xcd80
1622d40.2df4: NT Headers: 0x100
1632d40.2df4: Timestamp: 0x563023a1
1642d40.2df4: Machine: 0x8664 - amd64
1652d40.2df4: Timestamp: 0x563023a1
1662d40.2df4: Image Version: 6.2
1672d40.2df4: SizeOfImage: 0xc000 (49152)
1682d40.2df4: Resource Dir: 0xa000 LB 0x438
1692d40.2df4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1702d40.2df4: [Raw version resource data: 0xa060 LB 0x3d4, codepage 0x0 (reserved 0x0)]
1712d40.2df4: ProductName: System Interceptors PDK
1722d40.2df4: ProductVersion: 10.0.0.23
1732d40.2df4: FileVersion: 10.0.0.23
1742d40.2df4: FileDescription: Keyboard Device Filter [fre_win8_x64]
1752d40.2df4: \SystemRoot\System32\drivers\klmouflt.sys:
1762d40.2df4: CreationTime: 2015-06-07T00:52:56.000000000Z
1772d40.2df4: LastWriteTime: 2015-06-07T00:52:56.000000000Z
1782d40.2df4: ChangeTime: 2017-05-18T23:45:21.783244000Z
1792d40.2df4: FileAttributes: 0x20
1802d40.2df4: Size: 0xa2b8
1812d40.2df4: NT Headers: 0xe8
1822d40.2df4: Timestamp: 0x556da33c
1832d40.2df4: Machine: 0x8664 - amd64
1842d40.2df4: Timestamp: 0x556da33c
1852d40.2df4: Image Version: 6.2
1862d40.2df4: SizeOfImage: 0xc000 (49152)
1872d40.2df4: Resource Dir: 0xa000 LB 0x438
1882d40.2df4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1892d40.2df4: [Raw version resource data: 0xa060 LB 0x3d4, codepage 0x0 (reserved 0x0)]
1902d40.2df4: ProductName: System Interceptors PDK
1912d40.2df4: ProductVersion: 10.0.0.11
1922d40.2df4: FileVersion: 10.0.0.11
1932d40.2df4: FileDescription: Mouse Device Filter [fre_win8_x64]
1942d40.2df4: \SystemRoot\System32\drivers\kneps.sys:
1952d40.2df4: CreationTime: 2015-12-02T23:38:12.000000000Z
1962d40.2df4: LastWriteTime: 2015-12-02T23:38:12.000000000Z
1972d40.2df4: ChangeTime: 2017-05-18T23:45:21.783244000Z
1982d40.2df4: FileAttributes: 0x20
1992d40.2df4: Size: 0x2f788
2002d40.2df4: NT Headers: 0x100
2012d40.2df4: Timestamp: 0x5652da27
2022d40.2df4: Machine: 0x8664 - amd64
2032d40.2df4: Timestamp: 0x5652da27
2042d40.2df4: Image Version: 5.2
2052d40.2df4: SizeOfImage: 0x2c000 (180224)
2062d40.2df4: Resource Dir: 0x2a000 LB 0x428
2072d40.2df4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2082d40.2df4: [Raw version resource data: 0x2a060 LB 0x3c4, codepage 0x0 (reserved 0x0)]
2092d40.2df4: ProductName: System Interceptors PDK
2102d40.2df4: ProductVersion: 11.0.0.18
2112d40.2df4: FileVersion: 11.0.0.18
2122d40.2df4: FileDescription: Network Processor [fre_wnet_x64]
2132d40.2df4: \SystemRoot\System32\klfphc.dll:
2142d40.2df4: CreationTime: 2016-12-21T21:57:28.953455800Z
2152d40.2df4: LastWriteTime: 2013-05-06T07:13:26.000000000Z
2162d40.2df4: ChangeTime: 2017-05-18T23:45:21.642604800Z
2172d40.2df4: FileAttributes: 0x20
2182d40.2df4: Size: 0x1ae60
2192d40.2df4: NT Headers: 0xe8
2202d40.2df4: Timestamp: 0x51873bf2
2212d40.2df4: Machine: 0x8664 - amd64
2222d40.2df4: Timestamp: 0x51873bf2
2232d40.2df4: Image Version: 0.0
2242d40.2df4: SizeOfImage: 0x1d000 (118784)
2252d40.2df4: Resource Dir: 0x18000 LB 0x3c80
2262d40.2df4: [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
2272d40.2df4: [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
2282d40.2df4: ProductName: Kaspersky™ Anti-Virus ®
2292d40.2df4: ProductVersion: 1.0.0.12
2302d40.2df4: FileVersion: 1.0.0.12
2312d40.2df4: FileDescription: Filtering Platform Helper Class
2322d40.2df4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2332d40.2df4: Calling main()
2342d40.2df4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2352d40.2df4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2362d40.2df4: SUPR3HardenedMain: Respawn #1
2372d40.2df4: System32: \Device\HarddiskVolume4\Windows\System32
2382d40.2df4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
2392d40.2df4: KnownDllPath: C:\WINDOWS\System32
2402d40.2df4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2412d40.2df4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2422d40.2df4: supR3HardNtEnableThreadCreation:
2432d40.2df4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbe7ee9ad0 pvNtTerminateThread=00007ffbe7f15e00
2442d40.2df4: supR3HardenedWinDoReSpawn(1): New child 35d4.3c9c [kernel32].
2452d40.2df4: supR3HardNtChildGatherData: PebBaseAddress=0000000001175000 cbPeb=0x388
2462d40.2df4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffbe7e70000 uNtDllChildAddr=00007ffbe7e70000
2472d40.2df4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffbe7ee9ad0
2482d40.2df4: supR3HardenedWinSetupChildInit: Start child.
2492d40.2df4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2502d40.2df4: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 61 sleeps
2512d40.2df4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2522d40.2df4: *0000000000000000-0000000000e8ffff 0x0001/0x0000 0x0000000
2532d40.2df4: *0000000000e90000-0000000000eaffff 0x0004/0x0004 0x0020000
2542d40.2df4: *0000000000eb0000-0000000000ec7fff 0x0002/0x0002 0x0040000
2552d40.2df4: 0000000000ec8000-0000000000ecffff 0x0001/0x0000 0x0000000
2562d40.2df4: *0000000000ed0000-0000000000fcafff 0x0000/0x0004 0x0020000
2572d40.2df4: 0000000000fcb000-0000000000fcdfff 0x0104/0x0004 0x0020000
2582d40.2df4: 0000000000fce000-0000000000fcffff 0x0004/0x0004 0x0020000
2592d40.2df4: *0000000000fd0000-0000000000fd3fff 0x0002/0x0002 0x0040000
2602d40.2df4: 0000000000fd4000-0000000000fdffff 0x0001/0x0000 0x0000000
2612d40.2df4: *0000000000fe0000-0000000000fe0fff 0x0004/0x0004 0x0020000
2622d40.2df4: 0000000000fe1000-0000000000ffffff 0x0001/0x0000 0x0000000
2632d40.2df4: *0000000001000000-0000000001174fff 0x0000/0x0004 0x0020000
2642d40.2df4: 0000000001175000-0000000001177fff 0x0004/0x0004 0x0020000
2652d40.2df4: 0000000001178000-00000000011fffff 0x0000/0x0004 0x0020000
2662d40.2df4: 0000000001200000-0000000001fcffff 0x0001/0x0000 0x0000000
2672d40.2df4: *0000000001fd0000-0000000001fd0fff 0x0002/0x0002 0x0020000
2682d40.2df4: 0000000001fd1000-0000000001fdffff 0x0001/0x0000 0x0000000
2692d40.2df4: *0000000001fe0000-0000000001fe0fff 0x0010/0x0010 0x0020000 !!
2702d40.2df4: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000001fe0000 (LB 0x1000, 0000000001fe0000 LB 0x1000)
2712d40.2df4: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000001fe0000/0000000001fe0000 LB 0/0x1000]
2722d40.2df4: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000001fe0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
2732d40.2df4: 0000000001fe1000-0000000001feffff 0x0001/0x0000 0x0000000
2742d40.2df4: *0000000001ff0000-0000000001ff0fff 0x0004/0x0004 0x0020000
2752d40.2df4: 0000000001ff1000-000000007ffdffff 0x0001/0x0000 0x0000000
2762d40.2df4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2772d40.2df4: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2782d40.2df4: 000000007fff0000-00007ff7f3fdffff 0x0001/0x0000 0x0000000
2792d40.2df4: *00007ff7f3fe0000-00007ff7f4002fff 0x0002/0x0002 0x0040000
2802d40.2df4: 00007ff7f4003000-00007ff7f43fffff 0x0001/0x0000 0x0000000
2812d40.2df4: *00007ff7f4400000-00007ff7f4400fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2822d40.2df4: 00007ff7f4401000-00007ff7f4470fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2832d40.2df4: 00007ff7f4471000-00007ff7f4471fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2842d40.2df4: 00007ff7f4472000-00007ff7f44b6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2852d40.2df4: 00007ff7f44b7000-00007ff7f44b7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2862d40.2df4: 00007ff7f44b8000-00007ff7f44b8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2872d40.2df4: 00007ff7f44b9000-00007ff7f44bdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2882d40.2df4: 00007ff7f44be000-00007ff7f44befff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2892d40.2df4: 00007ff7f44bf000-00007ff7f44bffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2902d40.2df4: 00007ff7f44c0000-00007ff7f44c3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2912d40.2df4: 00007ff7f44c4000-00007ff7f450bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2922d40.2df4: 00007ff7f450c000-00007ffbe7e6ffff 0x0001/0x0000 0x0000000
2932d40.2df4: *00007ffbe7e70000-00007ffbe7e70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2942d40.2df4: 00007ffbe7e71000-00007ffbe7f7ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2952d40.2df4: 00007ffbe7f80000-00007ffbe7fc4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2962d40.2df4: 00007ffbe7fc5000-00007ffbe7fccfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2972d40.2df4: 00007ffbe7fcd000-00007ffbe7fdafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2982d40.2df4: 00007ffbe7fdb000-00007ffbe7fdbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2992d40.2df4: 00007ffbe7fdc000-00007ffbe7fdefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3002d40.2df4: 00007ffbe7fdf000-00007ffbe804afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3012d40.2df4: 00007ffbe804b000-00007ffffffdffff 0x0001/0x0000 0x0000000
3022d40.2df4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
3032d40.2df4: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
3042d40.2df4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3052d40.2df4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
3062d40.2df4: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x40
3072d40.2df4: supR3HardNtChildPurify: Startup delay kludge #1/1: 513 ms, 60 sleeps
3082d40.2df4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3092d40.2df4: *0000000000000000-0000000000e8ffff 0x0001/0x0000 0x0000000
3102d40.2df4: *0000000000e90000-0000000000eaffff 0x0004/0x0004 0x0020000
3112d40.2df4: *0000000000eb0000-0000000000ec7fff 0x0002/0x0002 0x0040000
3122d40.2df4: 0000000000ec8000-0000000000ecffff 0x0001/0x0000 0x0000000
3132d40.2df4: *0000000000ed0000-0000000000fcafff 0x0000/0x0004 0x0020000
3142d40.2df4: 0000000000fcb000-0000000000fcdfff 0x0104/0x0004 0x0020000
3152d40.2df4: 0000000000fce000-0000000000fcffff 0x0004/0x0004 0x0020000
3162d40.2df4: *0000000000fd0000-0000000000fd3fff 0x0002/0x0002 0x0040000
3172d40.2df4: 0000000000fd4000-0000000000fdffff 0x0001/0x0000 0x0000000
3182d40.2df4: *0000000000fe0000-0000000000fe0fff 0x0004/0x0004 0x0020000
3192d40.2df4: 0000000000fe1000-0000000000ffffff 0x0001/0x0000 0x0000000
3202d40.2df4: *0000000001000000-0000000001174fff 0x0000/0x0004 0x0020000
3212d40.2df4: 0000000001175000-0000000001177fff 0x0004/0x0004 0x0020000
3222d40.2df4: 0000000001178000-00000000011fffff 0x0000/0x0004 0x0020000
3232d40.2df4: 0000000001200000-0000000001fcffff 0x0001/0x0000 0x0000000
3242d40.2df4: *0000000001fd0000-0000000001fd0fff 0x0002/0x0002 0x0020000
3252d40.2df4: 0000000001fd1000-0000000001feffff 0x0001/0x0000 0x0000000
3262d40.2df4: *0000000001ff0000-0000000001ff0fff 0x0004/0x0004 0x0020000
3272d40.2df4: 0000000001ff1000-000000007ffdffff 0x0001/0x0000 0x0000000
3282d40.2df4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
3292d40.2df4: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
3302d40.2df4: 000000007fff0000-00007ff7f3fdffff 0x0001/0x0000 0x0000000
3312d40.2df4: *00007ff7f3fe0000-00007ff7f4002fff 0x0002/0x0002 0x0040000
3322d40.2df4: 00007ff7f4003000-00007ff7f43fffff 0x0001/0x0000 0x0000000
3332d40.2df4: *00007ff7f4400000-00007ff7f4400fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3342d40.2df4: 00007ff7f4401000-00007ff7f4470fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3352d40.2df4: 00007ff7f4471000-00007ff7f4471fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3362d40.2df4: 00007ff7f4472000-00007ff7f44b6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3372d40.2df4: 00007ff7f44b7000-00007ff7f44c3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3382d40.2df4: 00007ff7f44c4000-00007ff7f450bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3392d40.2df4: 00007ff7f450c000-00007ffbe7e6ffff 0x0001/0x0000 0x0000000
3402d40.2df4: *00007ffbe7e70000-00007ffbe7e70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3412d40.2df4: 00007ffbe7e71000-00007ffbe7f7ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3422d40.2df4: 00007ffbe7f80000-00007ffbe7fc4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3432d40.2df4: 00007ffbe7fc5000-00007ffbe7fc8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3442d40.2df4: 00007ffbe7fc9000-00007ffbe7fccfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3452d40.2df4: 00007ffbe7fcd000-00007ffbe7fdafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3462d40.2df4: 00007ffbe7fdb000-00007ffbe7fdbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3472d40.2df4: 00007ffbe7fdc000-00007ffbe7fdefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3482d40.2df4: 00007ffbe7fdf000-00007ffbe804afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3492d40.2df4: 00007ffbe804b000-00007ffffffdffff 0x0001/0x0000 0x0000000
3502d40.2df4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
3512d40.2df4: supR3HardNtChildPurify: Done after 2505 ms and 1 fixes (loop #1).
35235d4.3c9c: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
35335d4.3c9c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffbe7e70000 g_uNtVerCombined=0xa03ad700
35435d4.3c9c: ntdll.dll: timestamp 0xb79b6ddb (rc=VINF_SUCCESS)
35535d4.3c9c: New simple heap: #1 0000000001300000 LB 0x400000 (for 1945600 allocation)
3562d40.2df4: supR3HardNtEnableThreadCreation:
35735d4.3c9c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
35835d4.3c9c: System32: \Device\HarddiskVolume4\Windows\System32
35935d4.3c9c: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
36035d4.3c9c: KnownDllPath: C:\WINDOWS\System32
36135d4.3c9c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
36235d4.3c9c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
36335d4.3c9c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
36435d4.3c9c: Registered Dll notification callback with NTDLL.
36535d4.3c9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
36635d4.3c9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
36735d4.3c9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
36835d4.3c9c: supR3HardenedDllNotificationCallback: load 00007ffbe4e10000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
36935d4.3c9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
37035d4.3c9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
37135d4.3c9c: supR3HardenedDllNotificationCallback: load 00007ffbe5a90000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
37235d4.3c9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
37335d4.3c9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5a90000 'C:\WINDOWS\System32\KERNEL32.DLL'
37435d4.3c9c: supR3HardenedDllNotificationCallback: load 00007ff7f4400000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
37535d4.3c9c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
37635d4.3c9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
37735d4.3c9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
37835d4.3c9c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbe7ee9ad0 pvNtTerminateThread=00007ffbe7f15e00
3792d40.2df4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 90 ms.
38035d4.3c9c: \SystemRoot\System32\ntdll.dll:
38135d4.3c9c: CreationTime: 2017-03-18T20:57:39.201977500Z
38235d4.3c9c: LastWriteTime: 2017-03-18T20:57:39.201977500Z
38335d4.3c9c: ChangeTime: 2017-05-19T00:30:22.496636900Z
38435d4.3c9c: FileAttributes: 0x20
38535d4.3c9c: Size: 0x1d7450
38635d4.3c9c: NT Headers: 0xe0
38735d4.3c9c: Timestamp: 0xb79b6ddb
38835d4.3c9c: Machine: 0x8664 - amd64
38935d4.3c9c: Timestamp: 0xb79b6ddb
39035d4.3c9c: Image Version: 10.0
39135d4.3c9c: SizeOfImage: 0x1db000 (1945600)
39235d4.3c9c: Resource Dir: 0x170000 LB 0x69398
39335d4.3c9c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
39435d4.3c9c: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
39535d4.3c9c: ProductName: Microsoft® Windows® Operating System
39635d4.3c9c: ProductVersion: 10.0.15063.0
39735d4.3c9c: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
39835d4.3c9c: FileDescription: NT Layer DLL
39935d4.3c9c: \SystemRoot\System32\kernel32.dll:
40035d4.3c9c: CreationTime: 2017-05-19T00:38:27.082547500Z
40135d4.3c9c: LastWriteTime: 2017-05-19T00:38:27.082547500Z
40235d4.3c9c: ChangeTime: 2017-05-18T23:41:05.710795600Z
40335d4.3c9c: FileAttributes: 0x20
40435d4.3c9c: Size: 0xad068
40535d4.3c9c: NT Headers: 0xf8
40635d4.3c9c: Timestamp: 0xf5fa43df
40735d4.3c9c: Machine: 0x8664 - amd64
40835d4.3c9c: Timestamp: 0xf5fa43df
40935d4.3c9c: Image Version: 10.0
41035d4.3c9c: SizeOfImage: 0xae000 (712704)
41135d4.3c9c: Resource Dir: 0xac000 LB 0x520
41235d4.3c9c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
41335d4.3c9c: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
41435d4.3c9c: ProductName: Microsoft® Windows® Operating System
41535d4.3c9c: ProductVersion: 10.0.15063.296
41635d4.3c9c: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
41735d4.3c9c: FileDescription: Windows NT BASE API Client DLL
41835d4.3c9c: \SystemRoot\System32\KernelBase.dll:
41935d4.3c9c: CreationTime: 2017-05-19T00:38:27.113762500Z
42035d4.3c9c: LastWriteTime: 2017-05-19T00:38:27.113762500Z
42135d4.3c9c: ChangeTime: 2017-05-18T23:41:06.036414800Z
42235d4.3c9c: FileAttributes: 0x20
42335d4.3c9c: Size: 0x249df0
42435d4.3c9c: NT Headers: 0x100
42535d4.3c9c: Timestamp: 0xa0527b0c
42635d4.3c9c: Machine: 0x8664 - amd64
42735d4.3c9c: Timestamp: 0xa0527b0c
42835d4.3c9c: Image Version: 10.0
42935d4.3c9c: SizeOfImage: 0x249000 (2396160)
43035d4.3c9c: Resource Dir: 0x22a000 LB 0x548
43135d4.3c9c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
43235d4.3c9c: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
43335d4.3c9c: ProductName: Microsoft® Windows® Operating System
43435d4.3c9c: ProductVersion: 10.0.15063.296
43535d4.3c9c: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
43635d4.3c9c: FileDescription: Windows NT BASE API Client DLL
43735d4.3c9c: \SystemRoot\System32\apisetschema.dll:
43835d4.3c9c: CreationTime: 2017-03-18T20:57:35.373527900Z
43935d4.3c9c: LastWriteTime: 2017-03-18T20:57:35.373527900Z
44035d4.3c9c: ChangeTime: 2017-05-19T00:30:20.262028800Z
44135d4.3c9c: FileAttributes: 0x20
44235d4.3c9c: Size: 0x1ada0
44335d4.3c9c: NT Headers: 0xc0
44435d4.3c9c: Timestamp: 0x76544b2
44535d4.3c9c: Machine: 0x8664 - amd64
44635d4.3c9c: Timestamp: 0x76544b2
44735d4.3c9c: Image Version: 10.0
44835d4.3c9c: SizeOfImage: 0x1b000 (110592)
44935d4.3c9c: Resource Dir: 0x1a000 LB 0x408
45035d4.3c9c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
45135d4.3c9c: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
45235d4.3c9c: ProductName: Microsoft® Windows® Operating System
45335d4.3c9c: ProductVersion: 10.0.15063.0
45435d4.3c9c: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
45535d4.3c9c: FileDescription: ApiSet Schema DLL
45635d4.3c9c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
45735d4.3c9c: supR3HardenedWinFindAdversaries: 0x40
45835d4.3c9c: \SystemRoot\System32\drivers\kl1.sys:
45935d4.3c9c: CreationTime: 2015-09-11T19:30:40.000000000Z
46035d4.3c9c: LastWriteTime: 2015-09-11T19:30:40.000000000Z
46135d4.3c9c: ChangeTime: 2017-05-18T23:45:21.767616300Z
46235d4.3c9c: FileAttributes: 0x20
46335d4.3c9c: Size: 0x74cb8
46435d4.3c9c: NT Headers: 0xe8
46535d4.3c9c: Timestamp: 0x558314c5
46635d4.3c9c: Machine: 0x8664 - amd64
46735d4.3c9c: Timestamp: 0x558314c5
46835d4.3c9c: Image Version: 0.0
46935d4.3c9c: SizeOfImage: 0x762000 (7741440)
47035d4.3c9c: Resource Dir: 0x760000 LB 0x448
47135d4.3c9c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x419)]
47235d4.3c9c: [Raw version resource data: 0x760060 LB 0x3e8, codepage 0x0 (reserved 0x0)]
47335d4.3c9c: ProductName: Kaspersky Anti-Virus
47435d4.3c9c: ProductVersion: 6.0.1.990
47535d4.3c9c: FileVersion: 6.8.0.54
47635d4.3c9c: FileDescription: Kaspersky Unified Driver
47735d4.3c9c: \SystemRoot\System32\drivers\klflt.sys:
47835d4.3c9c: CreationTime: 2016-12-21T21:57:14.482594600Z
47935d4.3c9c: LastWriteTime: 2017-04-18T22:34:02.291674800Z
48035d4.3c9c: ChangeTime: 2017-05-18T23:45:21.783244000Z
48135d4.3c9c: FileAttributes: 0x20
48235d4.3c9c: Size: 0x2d7f0
48335d4.3c9c: NT Headers: 0x100
48435d4.3c9c: Timestamp: 0x586383b2
48535d4.3c9c: Machine: 0x8664 - amd64
48635d4.3c9c: Timestamp: 0x586383b2
48735d4.3c9c: Image Version: 6.2
48835d4.3c9c: SizeOfImage: 0x39000 (233472)
48935d4.3c9c: Resource Dir: 0x37000 LB 0x418
49035d4.3c9c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
49135d4.3c9c: [Raw version resource data: 0x37060 LB 0x3b8, codepage 0x0 (reserved 0x0)]
49235d4.3c9c: ProductName: System Interceptors PDK
49335d4.3c9c: ProductVersion: 11.0.47.0
49435d4.3c9c: FileVersion: 11.0.47.0
49535d4.3c9c: FileDescription: Filter Core [fre_win8_x64]
49635d4.3c9c: \SystemRoot\System32\drivers\klif.sys:
49735d4.3c9c: CreationTime: 2016-12-21T21:57:14.467000200Z
49835d4.3c9c: LastWriteTime: 2017-04-18T22:34:02.419214000Z
49935d4.3c9c: ChangeTime: 2017-05-18T23:45:21.783244000Z
50035d4.3c9c: FileAttributes: 0x20
50135d4.3c9c: Size: 0xf49f0
50235d4.3c9c: NT Headers: 0x118
50335d4.3c9c: Timestamp: 0x58d6af7b
50435d4.3c9c: Machine: 0x8664 - amd64
50535d4.3c9c: Timestamp: 0x58d6af7b
50635d4.3c9c: Image Version: 6.2
50735d4.3c9c: SizeOfImage: 0xf9000 (1019904)
50835d4.3c9c: Resource Dir: 0xf6000 LB 0x1ae0
50935d4.3c9c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
51035d4.3c9c: [Raw version resource data: 0xf6110 LB 0x3d8, codepage 0x0 (reserved 0x0)]
51135d4.3c9c: ProductName: System Interceptors PDK
51235d4.3c9c: ProductVersion: 11.0.286.0
51335d4.3c9c: FileVersion: 11.0.286.0
51435d4.3c9c: FileDescription: Core System Interceptors [fre_win8_x64]
51535d4.3c9c: \SystemRoot\System32\drivers\klim6.sys:
51635d4.3c9c: CreationTime: 2016-04-29T00:52:56.000000000Z
51735d4.3c9c: LastWriteTime: 2016-04-29T00:52:56.000000000Z
51835d4.3c9c: ChangeTime: 2017-05-18T23:45:21.783244000Z
51935d4.3c9c: FileAttributes: 0x20
52035d4.3c9c: Size: 0xc858
52135d4.3c9c: NT Headers: 0xf8
52235d4.3c9c: Timestamp: 0x56d0555d
52335d4.3c9c: Machine: 0x8664 - amd64
52435d4.3c9c: Timestamp: 0x56d0555d
52535d4.3c9c: Image Version: 6.2
52635d4.3c9c: SizeOfImage: 0xb000 (45056)
52735d4.3c9c: Resource Dir: 0x9000 LB 0x430
52835d4.3c9c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
52935d4.3c9c: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
53035d4.3c9c: ProductName: System Interceptors PDK
53135d4.3c9c: ProductVersion: 11.0.0.12
53235d4.3c9c: FileVersion: 11.0.0.12
53335d4.3c9c: FileDescription: Packet Network Filter [fre_win8_x64]
53435d4.3c9c: \SystemRoot\System32\drivers\klkbdflt.sys:
53535d4.3c9c: CreationTime: 2015-11-11T11:04:20.000000000Z
53635d4.3c9c: LastWriteTime: 2015-11-11T11:04:20.000000000Z
53735d4.3c9c: ChangeTime: 2017-05-18T23:45:21.783244000Z
53835d4.3c9c: FileAttributes: 0x20
53935d4.3c9c: Size: 0xcd80
54035d4.3c9c: NT Headers: 0x100
54135d4.3c9c: Timestamp: 0x563023a1
54235d4.3c9c: Machine: 0x8664 - amd64
54335d4.3c9c: Timestamp: 0x563023a1
54435d4.3c9c: Image Version: 6.2
54535d4.3c9c: SizeOfImage: 0xc000 (49152)
54635d4.3c9c: Resource Dir: 0xa000 LB 0x438
54735d4.3c9c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
54835d4.3c9c: [Raw version resource data: 0xa060 LB 0x3d4, codepage 0x0 (reserved 0x0)]
54935d4.3c9c: ProductName: System Interceptors PDK
55035d4.3c9c: ProductVersion: 10.0.0.23
55135d4.3c9c: FileVersion: 10.0.0.23
55235d4.3c9c: FileDescription: Keyboard Device Filter [fre_win8_x64]
55335d4.3c9c: \SystemRoot\System32\drivers\klmouflt.sys:
55435d4.3c9c: CreationTime: 2015-06-07T00:52:56.000000000Z
55535d4.3c9c: LastWriteTime: 2015-06-07T00:52:56.000000000Z
55635d4.3c9c: ChangeTime: 2017-05-18T23:45:21.783244000Z
55735d4.3c9c: FileAttributes: 0x20
55835d4.3c9c: Size: 0xa2b8
55935d4.3c9c: NT Headers: 0xe8
56035d4.3c9c: Timestamp: 0x556da33c
56135d4.3c9c: Machine: 0x8664 - amd64
56235d4.3c9c: Timestamp: 0x556da33c
56335d4.3c9c: Image Version: 6.2
56435d4.3c9c: SizeOfImage: 0xc000 (49152)
56535d4.3c9c: Resource Dir: 0xa000 LB 0x438
56635d4.3c9c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
56735d4.3c9c: [Raw version resource data: 0xa060 LB 0x3d4, codepage 0x0 (reserved 0x0)]
56835d4.3c9c: ProductName: System Interceptors PDK
56935d4.3c9c: ProductVersion: 10.0.0.11
57035d4.3c9c: FileVersion: 10.0.0.11
57135d4.3c9c: FileDescription: Mouse Device Filter [fre_win8_x64]
57235d4.3c9c: \SystemRoot\System32\drivers\kneps.sys:
57335d4.3c9c: CreationTime: 2015-12-02T23:38:12.000000000Z
57435d4.3c9c: LastWriteTime: 2015-12-02T23:38:12.000000000Z
57535d4.3c9c: ChangeTime: 2017-05-18T23:45:21.783244000Z
57635d4.3c9c: FileAttributes: 0x20
57735d4.3c9c: Size: 0x2f788
57835d4.3c9c: NT Headers: 0x100
57935d4.3c9c: Timestamp: 0x5652da27
58035d4.3c9c: Machine: 0x8664 - amd64
58135d4.3c9c: Timestamp: 0x5652da27
58235d4.3c9c: Image Version: 5.2
58335d4.3c9c: SizeOfImage: 0x2c000 (180224)
58435d4.3c9c: Resource Dir: 0x2a000 LB 0x428
58535d4.3c9c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
58635d4.3c9c: [Raw version resource data: 0x2a060 LB 0x3c4, codepage 0x0 (reserved 0x0)]
58735d4.3c9c: ProductName: System Interceptors PDK
58835d4.3c9c: ProductVersion: 11.0.0.18
58935d4.3c9c: FileVersion: 11.0.0.18
59035d4.3c9c: FileDescription: Network Processor [fre_wnet_x64]
59135d4.3c9c: \SystemRoot\System32\klfphc.dll:
59235d4.3c9c: CreationTime: 2016-12-21T21:57:28.953455800Z
59335d4.3c9c: LastWriteTime: 2013-05-06T07:13:26.000000000Z
59435d4.3c9c: ChangeTime: 2017-05-18T23:45:21.642604800Z
59535d4.3c9c: FileAttributes: 0x20
59635d4.3c9c: Size: 0x1ae60
59735d4.3c9c: NT Headers: 0xe8
59835d4.3c9c: Timestamp: 0x51873bf2
59935d4.3c9c: Machine: 0x8664 - amd64
60035d4.3c9c: Timestamp: 0x51873bf2
60135d4.3c9c: Image Version: 0.0
60235d4.3c9c: SizeOfImage: 0x1d000 (118784)
60335d4.3c9c: Resource Dir: 0x18000 LB 0x3c80
60435d4.3c9c: [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
60535d4.3c9c: [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
60635d4.3c9c: ProductName: Kaspersky™ Anti-Virus ®
60735d4.3c9c: ProductVersion: 1.0.0.12
60835d4.3c9c: FileVersion: 1.0.0.12
60935d4.3c9c: FileDescription: Filtering Platform Helper Class
61035d4.3c9c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
61135d4.3c9c: Calling main()
61235d4.3c9c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
61335d4.3c9c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
61435d4.3c9c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
61535d4.3c9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
61635d4.3c9c: SUPR3HardenedMain: Respawn #2
61735d4.3c9c: supR3HardNtEnableThreadCreation:
61835d4.3c9c: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
61935d4.3c9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
62035d4.3c9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
62135d4.3c9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
62235d4.3c9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7e70000 'C:\WINDOWS\System32\ntdll.dll'
62335d4.3c9c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbe7ee9ad0 pvNtTerminateThread=00007ffbe7f15e00
62435d4.3c9c: supR3HardenedWinDoReSpawn(2): New child 2708.423c [kernel32].
62535d4.3c9c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
62635d4.3c9c: supR3HardNtChildGatherData: PebBaseAddress=0000000000571000 cbPeb=0x388
62735d4.3c9c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffbe7e70000 uNtDllChildAddr=00007ffbe7e70000
62835d4.3c9c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffbe7ee9ad0
62935d4.3c9c: supR3HardenedWinSetupChildInit: Start child.
63035d4.3c9c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
63135d4.3c9c: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 62 sleeps
63235d4.3c9c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
63335d4.3c9c: *0000000000000000-000000000037ffff 0x0001/0x0000 0x0000000
63435d4.3c9c: *0000000000380000-000000000039ffff 0x0004/0x0004 0x0020000
63535d4.3c9c: *00000000003a0000-00000000003b7fff 0x0002/0x0002 0x0040000
63635d4.3c9c: 00000000003b8000-00000000003bffff 0x0001/0x0000 0x0000000
63735d4.3c9c: *00000000003c0000-00000000003c3fff 0x0002/0x0002 0x0040000
63835d4.3c9c: 00000000003c4000-00000000003cffff 0x0001/0x0000 0x0000000
63935d4.3c9c: *00000000003d0000-00000000003d0fff 0x0004/0x0004 0x0020000
64035d4.3c9c: 00000000003d1000-00000000003fffff 0x0001/0x0000 0x0000000
64135d4.3c9c: *0000000000400000-0000000000570fff 0x0000/0x0004 0x0020000
64235d4.3c9c: 0000000000571000-0000000000573fff 0x0004/0x0004 0x0020000
64335d4.3c9c: 0000000000574000-00000000005fffff 0x0000/0x0004 0x0020000
64435d4.3c9c: *0000000000600000-00000000006fafff 0x0000/0x0004 0x0020000
64535d4.3c9c: 00000000006fb000-00000000006fdfff 0x0104/0x0004 0x0020000
64635d4.3c9c: 00000000006fe000-00000000006fffff 0x0004/0x0004 0x0020000
64735d4.3c9c: 0000000000700000-0000000001fcffff 0x0001/0x0000 0x0000000
64835d4.3c9c: *0000000001fd0000-0000000001fd0fff 0x0002/0x0002 0x0020000
64935d4.3c9c: 0000000001fd1000-0000000001fdffff 0x0001/0x0000 0x0000000
65035d4.3c9c: *0000000001fe0000-0000000001fe0fff 0x0010/0x0010 0x0020000 !!
65135d4.3c9c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000001fe0000 (LB 0x1000, 0000000001fe0000 LB 0x1000)
65235d4.3c9c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000001fe0000/0000000001fe0000 LB 0/0x1000]
65335d4.3c9c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000001fe0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
65435d4.3c9c: 0000000001fe1000-0000000001feffff 0x0001/0x0000 0x0000000
65535d4.3c9c: *0000000001ff0000-0000000001ff0fff 0x0004/0x0004 0x0020000
65635d4.3c9c: 0000000001ff1000-000000007ffdffff 0x0001/0x0000 0x0000000
65735d4.3c9c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
65835d4.3c9c: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
65935d4.3c9c: 000000007fff0000-00007ff7f3fbffff 0x0001/0x0000 0x0000000
66035d4.3c9c: *00007ff7f3fc0000-00007ff7f3fe2fff 0x0002/0x0002 0x0040000
66135d4.3c9c: 00007ff7f3fe3000-00007ff7f43fffff 0x0001/0x0000 0x0000000
66235d4.3c9c: *00007ff7f4400000-00007ff7f4400fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
66335d4.3c9c: 00007ff7f4401000-00007ff7f4470fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
66435d4.3c9c: 00007ff7f4471000-00007ff7f4471fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
66535d4.3c9c: 00007ff7f4472000-00007ff7f44b6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
66635d4.3c9c: 00007ff7f44b7000-00007ff7f44b7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
66735d4.3c9c: 00007ff7f44b8000-00007ff7f44b8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
66835d4.3c9c: 00007ff7f44b9000-00007ff7f44bdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
66935d4.3c9c: 00007ff7f44be000-00007ff7f44befff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
67035d4.3c9c: 00007ff7f44bf000-00007ff7f44bffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
67135d4.3c9c: 00007ff7f44c0000-00007ff7f44c3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
67235d4.3c9c: 00007ff7f44c4000-00007ff7f450bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
67335d4.3c9c: 00007ff7f450c000-00007ffbe7e6ffff 0x0001/0x0000 0x0000000
67435d4.3c9c: *00007ffbe7e70000-00007ffbe7e70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
67535d4.3c9c: 00007ffbe7e71000-00007ffbe7f7ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
67635d4.3c9c: 00007ffbe7f80000-00007ffbe7fc4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
67735d4.3c9c: 00007ffbe7fc5000-00007ffbe7fccfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
67835d4.3c9c: 00007ffbe7fcd000-00007ffbe7fdafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
67935d4.3c9c: 00007ffbe7fdb000-00007ffbe7fdbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
68035d4.3c9c: 00007ffbe7fdc000-00007ffbe7fdefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
68135d4.3c9c: 00007ffbe7fdf000-00007ffbe804afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
68235d4.3c9c: 00007ffbe804b000-00007ffffffdffff 0x0001/0x0000 0x0000000
68335d4.3c9c: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
68435d4.3c9c: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
68535d4.3c9c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
68635d4.3c9c: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
68735d4.3c9c: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x40
68835d4.3c9c: supR3HardNtChildPurify: Startup delay kludge #1/1: 521 ms, 61 sleeps
68935d4.3c9c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
69035d4.3c9c: *0000000000000000-000000000037ffff 0x0001/0x0000 0x0000000
69135d4.3c9c: *0000000000380000-000000000039ffff 0x0004/0x0004 0x0020000
69235d4.3c9c: *00000000003a0000-00000000003b7fff 0x0002/0x0002 0x0040000
69335d4.3c9c: 00000000003b8000-00000000003bffff 0x0001/0x0000 0x0000000
69435d4.3c9c: *00000000003c0000-00000000003c3fff 0x0002/0x0002 0x0040000
69535d4.3c9c: 00000000003c4000-00000000003cffff 0x0001/0x0000 0x0000000
69635d4.3c9c: *00000000003d0000-00000000003d0fff 0x0004/0x0004 0x0020000
69735d4.3c9c: 00000000003d1000-00000000003fffff 0x0001/0x0000 0x0000000
69835d4.3c9c: *0000000000400000-0000000000570fff 0x0000/0x0004 0x0020000
69935d4.3c9c: 0000000000571000-0000000000573fff 0x0004/0x0004 0x0020000
70035d4.3c9c: 0000000000574000-00000000005fffff 0x0000/0x0004 0x0020000
70135d4.3c9c: *0000000000600000-00000000006fafff 0x0000/0x0004 0x0020000
70235d4.3c9c: 00000000006fb000-00000000006fdfff 0x0104/0x0004 0x0020000
70335d4.3c9c: 00000000006fe000-00000000006fffff 0x0004/0x0004 0x0020000
70435d4.3c9c: 0000000000700000-0000000001fcffff 0x0001/0x0000 0x0000000
70535d4.3c9c: *0000000001fd0000-0000000001fd0fff 0x0002/0x0002 0x0020000
70635d4.3c9c: 0000000001fd1000-0000000001feffff 0x0001/0x0000 0x0000000
70735d4.3c9c: *0000000001ff0000-0000000001ff0fff 0x0004/0x0004 0x0020000
70835d4.3c9c: 0000000001ff1000-000000007ffdffff 0x0001/0x0000 0x0000000
70935d4.3c9c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
71035d4.3c9c: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
71135d4.3c9c: 000000007fff0000-00007ff7f3fbffff 0x0001/0x0000 0x0000000
71235d4.3c9c: *00007ff7f3fc0000-00007ff7f3fe2fff 0x0002/0x0002 0x0040000
71335d4.3c9c: 00007ff7f3fe3000-00007ff7f43fffff 0x0001/0x0000 0x0000000
71435d4.3c9c: *00007ff7f4400000-00007ff7f4400fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
71535d4.3c9c: 00007ff7f4401000-00007ff7f4470fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
71635d4.3c9c: 00007ff7f4471000-00007ff7f4471fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
71735d4.3c9c: 00007ff7f4472000-00007ff7f44b6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
71835d4.3c9c: 00007ff7f44b7000-00007ff7f44c3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
71935d4.3c9c: 00007ff7f44c4000-00007ff7f450bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
72035d4.3c9c: 00007ff7f450c000-00007ffbe7e6ffff 0x0001/0x0000 0x0000000
72135d4.3c9c: *00007ffbe7e70000-00007ffbe7e70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
72235d4.3c9c: 00007ffbe7e71000-00007ffbe7f7ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
72335d4.3c9c: 00007ffbe7f80000-00007ffbe7fc4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
72435d4.3c9c: 00007ffbe7fc5000-00007ffbe7fc8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
72535d4.3c9c: 00007ffbe7fc9000-00007ffbe7fccfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
72635d4.3c9c: 00007ffbe7fcd000-00007ffbe7fdafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
72735d4.3c9c: 00007ffbe7fdb000-00007ffbe7fdbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
72835d4.3c9c: 00007ffbe7fdc000-00007ffbe7fdefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
72935d4.3c9c: 00007ffbe7fdf000-00007ffbe804afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
73035d4.3c9c: 00007ffbe804b000-00007ffffffdffff 0x0001/0x0000 0x0000000
73135d4.3c9c: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
73235d4.3c9c: supR3HardNtChildPurify: Done after 1183 ms and 1 fixes (loop #1).
7332708.423c: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
7342708.423c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffbe7e70000 g_uNtVerCombined=0xa03ad700
7352708.423c: ntdll.dll: timestamp 0xb79b6ddb (rc=VINF_SUCCESS)
7362708.423c: New simple heap: #1 0000000000800000 LB 0x400000 (for 1945600 allocation)
73735d4.3c9c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001300000 LB 0x400000)
73835d4.3c9c: supR3HardNtEnableThreadCreation:
7392708.423c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
7402708.423c: System32: \Device\HarddiskVolume4\Windows\System32
7412708.423c: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
7422708.423c: KnownDllPath: C:\WINDOWS\System32
7432708.423c: supR3HardenedVmProcessInit: Opening vboxdrv...
7442708.423c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
7452708.423c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
7462708.423c: Registered Dll notification callback with NTDLL.
7472708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
7482708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
7492708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
7502708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe4e10000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
7512708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
7522708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
7532708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe5a90000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
7542708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7552708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5a90000 'C:\WINDOWS\System32\KERNEL32.DLL'
7562708.423c: supR3HardenedDllNotificationCallback: load 00007ff7f4400000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
7572708.423c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
7582708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
7592708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
7602708.423c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbe7ee9ad0 pvNtTerminateThread=00007ffbe7f15e00
76135d4.3c9c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 88 ms.
7622708.423c: \SystemRoot\System32\ntdll.dll:
7632708.423c: CreationTime: 2017-03-18T20:57:39.201977500Z
7642708.423c: LastWriteTime: 2017-03-18T20:57:39.201977500Z
7652708.423c: ChangeTime: 2017-05-19T00:30:22.496636900Z
7662708.423c: FileAttributes: 0x20
7672708.423c: Size: 0x1d7450
7682708.423c: NT Headers: 0xe0
7692708.423c: Timestamp: 0xb79b6ddb
7702708.423c: Machine: 0x8664 - amd64
7712708.423c: Timestamp: 0xb79b6ddb
7722708.423c: Image Version: 10.0
7732708.423c: SizeOfImage: 0x1db000 (1945600)
7742708.423c: Resource Dir: 0x170000 LB 0x69398
7752708.423c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
7762708.423c: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
7772708.423c: ProductName: Microsoft® Windows® Operating System
7782708.423c: ProductVersion: 10.0.15063.0
7792708.423c: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
7802708.423c: FileDescription: NT Layer DLL
7812708.423c: \SystemRoot\System32\kernel32.dll:
7822708.423c: CreationTime: 2017-05-19T00:38:27.082547500Z
7832708.423c: LastWriteTime: 2017-05-19T00:38:27.082547500Z
7842708.423c: ChangeTime: 2017-05-18T23:41:05.710795600Z
7852708.423c: FileAttributes: 0x20
7862708.423c: Size: 0xad068
7872708.423c: NT Headers: 0xf8
7882708.423c: Timestamp: 0xf5fa43df
7892708.423c: Machine: 0x8664 - amd64
7902708.423c: Timestamp: 0xf5fa43df
7912708.423c: Image Version: 10.0
7922708.423c: SizeOfImage: 0xae000 (712704)
7932708.423c: Resource Dir: 0xac000 LB 0x520
7942708.423c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7952708.423c: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
7962708.423c: ProductName: Microsoft® Windows® Operating System
7972708.423c: ProductVersion: 10.0.15063.296
7982708.423c: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
7992708.423c: FileDescription: Windows NT BASE API Client DLL
8002708.423c: \SystemRoot\System32\KernelBase.dll:
8012708.423c: CreationTime: 2017-05-19T00:38:27.113762500Z
8022708.423c: LastWriteTime: 2017-05-19T00:38:27.113762500Z
8032708.423c: ChangeTime: 2017-05-18T23:41:06.036414800Z
8042708.423c: FileAttributes: 0x20
8052708.423c: Size: 0x249df0
8062708.423c: NT Headers: 0x100
8072708.423c: Timestamp: 0xa0527b0c
8082708.423c: Machine: 0x8664 - amd64
8092708.423c: Timestamp: 0xa0527b0c
8102708.423c: Image Version: 10.0
8112708.423c: SizeOfImage: 0x249000 (2396160)
8122708.423c: Resource Dir: 0x22a000 LB 0x548
8132708.423c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
8142708.423c: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
8152708.423c: ProductName: Microsoft® Windows® Operating System
8162708.423c: ProductVersion: 10.0.15063.296
8172708.423c: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
8182708.423c: FileDescription: Windows NT BASE API Client DLL
8192708.423c: \SystemRoot\System32\apisetschema.dll:
8202708.423c: CreationTime: 2017-03-18T20:57:35.373527900Z
8212708.423c: LastWriteTime: 2017-03-18T20:57:35.373527900Z
8222708.423c: ChangeTime: 2017-05-19T00:30:20.262028800Z
8232708.423c: FileAttributes: 0x20
8242708.423c: Size: 0x1ada0
8252708.423c: NT Headers: 0xc0
8262708.423c: Timestamp: 0x76544b2
8272708.423c: Machine: 0x8664 - amd64
8282708.423c: Timestamp: 0x76544b2
8292708.423c: Image Version: 10.0
8302708.423c: SizeOfImage: 0x1b000 (110592)
8312708.423c: Resource Dir: 0x1a000 LB 0x408
8322708.423c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8332708.423c: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
8342708.423c: ProductName: Microsoft® Windows® Operating System
8352708.423c: ProductVersion: 10.0.15063.0
8362708.423c: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
8372708.423c: FileDescription: ApiSet Schema DLL
8382708.423c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
8392708.423c: supR3HardenedWinFindAdversaries: 0x40
8402708.423c: \SystemRoot\System32\drivers\kl1.sys:
8412708.423c: CreationTime: 2015-09-11T19:30:40.000000000Z
8422708.423c: LastWriteTime: 2015-09-11T19:30:40.000000000Z
8432708.423c: ChangeTime: 2017-05-18T23:45:21.767616300Z
8442708.423c: FileAttributes: 0x20
8452708.423c: Size: 0x74cb8
8462708.423c: NT Headers: 0xe8
8472708.423c: Timestamp: 0x558314c5
8482708.423c: Machine: 0x8664 - amd64
8492708.423c: Timestamp: 0x558314c5
8502708.423c: Image Version: 0.0
8512708.423c: SizeOfImage: 0x762000 (7741440)
8522708.423c: Resource Dir: 0x760000 LB 0x448
8532708.423c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x419)]
8542708.423c: [Raw version resource data: 0x760060 LB 0x3e8, codepage 0x0 (reserved 0x0)]
8552708.423c: ProductName: Kaspersky Anti-Virus
8562708.423c: ProductVersion: 6.0.1.990
8572708.423c: FileVersion: 6.8.0.54
8582708.423c: FileDescription: Kaspersky Unified Driver
8592708.423c: \SystemRoot\System32\drivers\klflt.sys:
8602708.423c: CreationTime: 2016-12-21T21:57:14.482594600Z
8612708.423c: LastWriteTime: 2017-04-18T22:34:02.291674800Z
8622708.423c: ChangeTime: 2017-05-18T23:45:21.783244000Z
8632708.423c: FileAttributes: 0x20
8642708.423c: Size: 0x2d7f0
8652708.423c: NT Headers: 0x100
8662708.423c: Timestamp: 0x586383b2
8672708.423c: Machine: 0x8664 - amd64
8682708.423c: Timestamp: 0x586383b2
8692708.423c: Image Version: 6.2
8702708.423c: SizeOfImage: 0x39000 (233472)
8712708.423c: Resource Dir: 0x37000 LB 0x418
8722708.423c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8732708.423c: [Raw version resource data: 0x37060 LB 0x3b8, codepage 0x0 (reserved 0x0)]
8742708.423c: ProductName: System Interceptors PDK
8752708.423c: ProductVersion: 11.0.47.0
8762708.423c: FileVersion: 11.0.47.0
8772708.423c: FileDescription: Filter Core [fre_win8_x64]
8782708.423c: \SystemRoot\System32\drivers\klif.sys:
8792708.423c: CreationTime: 2016-12-21T21:57:14.467000200Z
8802708.423c: LastWriteTime: 2017-04-18T22:34:02.419214000Z
8812708.423c: ChangeTime: 2017-05-18T23:45:21.783244000Z
8822708.423c: FileAttributes: 0x20
8832708.423c: Size: 0xf49f0
8842708.423c: NT Headers: 0x118
8852708.423c: Timestamp: 0x58d6af7b
8862708.423c: Machine: 0x8664 - amd64
8872708.423c: Timestamp: 0x58d6af7b
8882708.423c: Image Version: 6.2
8892708.423c: SizeOfImage: 0xf9000 (1019904)
8902708.423c: Resource Dir: 0xf6000 LB 0x1ae0
8912708.423c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
8922708.423c: [Raw version resource data: 0xf6110 LB 0x3d8, codepage 0x0 (reserved 0x0)]
8932708.423c: ProductName: System Interceptors PDK
8942708.423c: ProductVersion: 11.0.286.0
8952708.423c: FileVersion: 11.0.286.0
8962708.423c: FileDescription: Core System Interceptors [fre_win8_x64]
8972708.423c: \SystemRoot\System32\drivers\klim6.sys:
8982708.423c: CreationTime: 2016-04-29T00:52:56.000000000Z
8992708.423c: LastWriteTime: 2016-04-29T00:52:56.000000000Z
9002708.423c: ChangeTime: 2017-05-18T23:45:21.783244000Z
9012708.423c: FileAttributes: 0x20
9022708.423c: Size: 0xc858
9032708.423c: NT Headers: 0xf8
9042708.423c: Timestamp: 0x56d0555d
9052708.423c: Machine: 0x8664 - amd64
9062708.423c: Timestamp: 0x56d0555d
9072708.423c: Image Version: 6.2
9082708.423c: SizeOfImage: 0xb000 (45056)
9092708.423c: Resource Dir: 0x9000 LB 0x430
9102708.423c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9112708.423c: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
9122708.423c: ProductName: System Interceptors PDK
9132708.423c: ProductVersion: 11.0.0.12
9142708.423c: FileVersion: 11.0.0.12
9152708.423c: FileDescription: Packet Network Filter [fre_win8_x64]
9162708.423c: \SystemRoot\System32\drivers\klkbdflt.sys:
9172708.423c: CreationTime: 2015-11-11T11:04:20.000000000Z
9182708.423c: LastWriteTime: 2015-11-11T11:04:20.000000000Z
9192708.423c: ChangeTime: 2017-05-18T23:45:21.783244000Z
9202708.423c: FileAttributes: 0x20
9212708.423c: Size: 0xcd80
9222708.423c: NT Headers: 0x100
9232708.423c: Timestamp: 0x563023a1
9242708.423c: Machine: 0x8664 - amd64
9252708.423c: Timestamp: 0x563023a1
9262708.423c: Image Version: 6.2
9272708.423c: SizeOfImage: 0xc000 (49152)
9282708.423c: Resource Dir: 0xa000 LB 0x438
9292708.423c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9302708.423c: [Raw version resource data: 0xa060 LB 0x3d4, codepage 0x0 (reserved 0x0)]
9312708.423c: ProductName: System Interceptors PDK
9322708.423c: ProductVersion: 10.0.0.23
9332708.423c: FileVersion: 10.0.0.23
9342708.423c: FileDescription: Keyboard Device Filter [fre_win8_x64]
9352708.423c: \SystemRoot\System32\drivers\klmouflt.sys:
9362708.423c: CreationTime: 2015-06-07T00:52:56.000000000Z
9372708.423c: LastWriteTime: 2015-06-07T00:52:56.000000000Z
9382708.423c: ChangeTime: 2017-05-18T23:45:21.783244000Z
9392708.423c: FileAttributes: 0x20
9402708.423c: Size: 0xa2b8
9412708.423c: NT Headers: 0xe8
9422708.423c: Timestamp: 0x556da33c
9432708.423c: Machine: 0x8664 - amd64
9442708.423c: Timestamp: 0x556da33c
9452708.423c: Image Version: 6.2
9462708.423c: SizeOfImage: 0xc000 (49152)
9472708.423c: Resource Dir: 0xa000 LB 0x438
9482708.423c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9492708.423c: [Raw version resource data: 0xa060 LB 0x3d4, codepage 0x0 (reserved 0x0)]
9502708.423c: ProductName: System Interceptors PDK
9512708.423c: ProductVersion: 10.0.0.11
9522708.423c: FileVersion: 10.0.0.11
9532708.423c: FileDescription: Mouse Device Filter [fre_win8_x64]
9542708.423c: \SystemRoot\System32\drivers\kneps.sys:
9552708.423c: CreationTime: 2015-12-02T23:38:12.000000000Z
9562708.423c: LastWriteTime: 2015-12-02T23:38:12.000000000Z
9572708.423c: ChangeTime: 2017-05-18T23:45:21.783244000Z
9582708.423c: FileAttributes: 0x20
9592708.423c: Size: 0x2f788
9602708.423c: NT Headers: 0x100
9612708.423c: Timestamp: 0x5652da27
9622708.423c: Machine: 0x8664 - amd64
9632708.423c: Timestamp: 0x5652da27
9642708.423c: Image Version: 5.2
9652708.423c: SizeOfImage: 0x2c000 (180224)
9662708.423c: Resource Dir: 0x2a000 LB 0x428
9672708.423c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9682708.423c: [Raw version resource data: 0x2a060 LB 0x3c4, codepage 0x0 (reserved 0x0)]
9692708.423c: ProductName: System Interceptors PDK
9702708.423c: ProductVersion: 11.0.0.18
9712708.423c: FileVersion: 11.0.0.18
9722708.423c: FileDescription: Network Processor [fre_wnet_x64]
9732708.423c: \SystemRoot\System32\klfphc.dll:
9742708.423c: CreationTime: 2016-12-21T21:57:28.953455800Z
9752708.423c: LastWriteTime: 2013-05-06T07:13:26.000000000Z
9762708.423c: ChangeTime: 2017-05-18T23:45:21.642604800Z
9772708.423c: FileAttributes: 0x20
9782708.423c: Size: 0x1ae60
9792708.423c: NT Headers: 0xe8
9802708.423c: Timestamp: 0x51873bf2
9812708.423c: Machine: 0x8664 - amd64
9822708.423c: Timestamp: 0x51873bf2
9832708.423c: Image Version: 0.0
9842708.423c: SizeOfImage: 0x1d000 (118784)
9852708.423c: Resource Dir: 0x18000 LB 0x3c80
9862708.423c: [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
9872708.423c: [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
9882708.423c: ProductName: Kaspersky™ Anti-Virus ®
9892708.423c: ProductVersion: 1.0.0.12
9902708.423c: FileVersion: 1.0.0.12
9912708.423c: FileDescription: Filtering Platform Helper Class
9922708.423c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
9932708.423c: Calling main()
9942708.423c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
9952708.423c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
9962708.423c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
9972708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
9982708.423c: SUPR3HardenedMain: Final process, opening VBoxDrv...
9992708.423c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000800000 LB 0x400000)
10002708.423c: supR3HardNtEnableThreadCreation:
10012708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
10022708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
10032708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10042708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10052708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe23a0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
10062708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10072708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10082708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10092708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe23a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
10102708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10112708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10122708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe23a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
10132708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe23a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
10142708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10152708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
10162708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
10172708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
10182708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
10192708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
10202708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10212708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10222708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
10232708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
10242708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
10252708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
10262708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'.
10272708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
10282708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
10292708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
10302708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
10312708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
10322708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
10332708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10342708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10352708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
10362708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
10372708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
10382708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
10392708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
10402708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10412708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe7b80000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
10422708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10432708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe4320000 LB 0x00011000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
10442708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
10452708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe4610000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
10462708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
10472708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
10482708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe5190000 LB 0x001c9000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
10492708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10502708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe5930000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
10512708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10522708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe7c30000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
10532708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
10542708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
10552708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
10562708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe53d0000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
10572708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10582708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
10592708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
10602708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
10612708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
10622708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe5130000 LB 0x00056000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
10632708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10642708.423c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10652708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe4e10000 'api-ms-win-core-synch-l1-2-0'
10662708.423c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10672708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe4e10000 'api-ms-win-core-fibers-l1-1-1'
10682708.423c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10692708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe4e10000 'api-ms-win-core-fibers-l1-1-1'
10702708.423c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10712708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe4e10000 'api-ms-win-core-synch-l1-2-0'
10722708.423c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10732708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe4e10000 'api-ms-win-core-localization-l1-2-1'
10742708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5130000 'C:\WINDOWS\system32\Wintrust.dll'
10752708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
10762708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
10772708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10782708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10792708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10802708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
10812708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
10822708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
10832708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10842708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10852708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10862708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10872708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10882708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10892708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
10902708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10912708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe3ea0000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
10922708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10932708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3ea0000 'C:\WINDOWS\system32\bcrypt.dll'
10942708.423c: bcrypt.dll loaded at 00007ffbe3ea0000, BCryptOpenAlgorithmProvider at 00007ffbe3ea4aa0, preloading providers:
10952708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
10962708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
10972708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10982708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe5360000 LB 0x0006a000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
10992708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
11002708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5360000 'C:\WINDOWS\system32\bcryptprimitives.dll'
11012708.423c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000daecf0)
11022708.423c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000daf300)
11032708.423c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000daf5d0)
11042708.423c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000db00b0)
11052708.423c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000db0380)
11062708.423c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000db0650)
11072708.423c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000db0920)
11082708.423c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000db0bf0)
11092708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11102708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11112708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5130000 'C:\Windows\System32\WINTRUST.DLL'
11122708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11132708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11142708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5130000 'C:\Windows\System32\WINTRUST.DLL'
11152708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11162708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11172708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5130000 'C:\Windows\System32\WINTRUST.DLL'
11182708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11192708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11202708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5130000 'C:\Windows\System32\WINTRUST.DLL'
11212708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11222708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11232708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5130000 'C:\Windows\System32\WINTRUST.DLL'
11242708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11252708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11262708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5130000 'C:\Windows\System32\WINTRUST.DLL'
11272708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11282708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11292708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5130000 'C:\Windows\System32\WINTRUST.DLL'
11302708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
11312708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
11322708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe3da0000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
11332708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
11342708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
11352708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
11362708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
11372708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
11382708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
11392708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11402708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11412708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11422708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe3810000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
11432708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11442708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
11452708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
11462708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
11472708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
11482708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe3d90000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
11492708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
11502708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
11512708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
11522708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
11532708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
11542708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11552708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5a90000 'C:\WINDOWS\System32\kernel32.dll'
11562708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11572708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5130000 'C:\Windows\System32\WINTRUST.DLL'
11582708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11592708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
11602708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\CRYPT32.dll'
11612708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe5d80000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
11622708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
11632708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
11642708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11652708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11662708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
11672708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
11682708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
11692708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'crypt32.dll'.
11702708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'bcrypt.dll'.
11712708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ncrypt.dll'.
11722708.423c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\ngcrecovery.dll)
11732708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ngcrecovery.dll
11742708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11752708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
11762708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
11772708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
11782708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe30d0000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
11792708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
11802708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe42e0000 LB 0x00015000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
11812708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
11822708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
11832708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11842708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
11852708.423c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
11862708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
11872708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
11882708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
11892708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11902708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11912708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11922708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11932708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11942708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11952708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11962708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11972708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11982708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11992708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ncrypt.dll'...
12002708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ncrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\ncrypt.dll' [rcNtRedir=0xc0150008]
12012708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
12022708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ntasn1.dll'.
12032708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ncrypt.dll)
12042708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ncrypt.dll
12052708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
12062708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
12072708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
12082708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
12092708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
12102708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12112708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12122708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12132708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12142708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
12152708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
12162708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
12172708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
12182708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
12192708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
12202708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntasn1.dll)
12212708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntasn1.dll
12222708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
12232708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
12242708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
12252708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12262708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12272708.423c: supR3HardenedDllNotificationCallback: load 00007ffbdfb30000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
12282708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12292708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12302708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
12312708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfb30000 'C:\WINDOWS\System32\cryptnet.dll'
12322708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12332708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
12342708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfb30000 'C:\WINDOWS\System32\cryptnet.dll'
12352708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12362708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
12372708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfb30000 'C:\WINDOWS\System32\cryptnet.dll'
12382708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12392708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
12402708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfb30000 'C:\WINDOWS\System32\cryptnet.dll'
12412708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12422708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
12432708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfb30000 'C:\WINDOWS\System32\cryptnet.dll'
12442708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12452708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
12462708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfb30000 'C:\WINDOWS\System32\cryptnet.dll'
12472708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12482708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfb30000 'C:\WINDOWS\System32\cryptnet.dll'
12492708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12502708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfb30000 'C:\WINDOWS\System32\cryptnet.dll'
12512708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12522708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfb30000 'C:\WINDOWS\System32\cryptnet.dll'
12532708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12542708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfb30000 'C:\WINDOWS\System32\cryptnet.dll'
12552708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12562708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfb30000 'C:\WINDOWS\System32\cryptnet.dll'
12572708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfb30000 'C:\WINDOWS\System32\cryptnet.dll'
12582708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12592708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdfb30000 'C:\Windows\System32\cryptnet.dll'
12602708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12612708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12622708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
12632708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12642708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12652708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
12662708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
12672708.423c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000df0a20
12682708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000df0a20
12692708.423c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=17452B7F1E3451CE74A2E49BC80F44837155422F
12702708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12712708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12722708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5930000 'C:\WINDOWS\System32\rpcrt4.dll'
12732708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12742708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5130000 'C:\Windows\System32\WINTRUST.DLL'
12752708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12762708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5130000 'C:\Windows\System32\WINTRUST.DLL'
12772708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12782708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5130000 'C:\Windows\System32\WINTRUST.DLL'
12792708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12802708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5130000 'C:\Windows\System32\WINTRUST.DLL'
12812708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12822708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5130000 'C:\Windows\System32\WINTRUST.DLL'
12832708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12842708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5130000 'C:\Windows\System32\WINTRUST.DLL'
12852708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12862708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12872708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5130000 'C:\Windows\System32\WINTRUST.DLL'
12882708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12892708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12902708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
12912708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12922708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12932708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
12942708.423c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Group-minkernel-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\SystemRoot\System32\ntdll.dll'
12952708.423c: g_pfnWinVerifyTrust=00007ffbe513d3e0
12962708.423c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
12972708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12982708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12992708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13002708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
13012708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13022708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13032708.423c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
13042708.423c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
13052708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13062708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13072708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13082708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13092708.423c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
13102708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13112708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13122708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13132708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13142708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntasn1.dll'
13152708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13162708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13172708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13182708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'
13192708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13202708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13212708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13222708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ncrypt.dll'
13232708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
13242708.423c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000df0a20
13252708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000df0a20
13262708.423c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=30DAE41220776EDDC1F05DDBB10EE8379CC41546
13272708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13282708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13292708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13302708.423c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-onecore-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
13312708.423c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13322708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
13332708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13342708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13352708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13362708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
13372708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13382708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13392708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13402708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
13412708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001f0 pwszName=\Device\HarddiskVolume4\Windows\System32\ngcrecovery.dll
13422708.423c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000df0a20
13432708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000df0a20
13442708.423c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FF31F66ACC1741364CE15D70DCEA891F87E6083
13452708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13462708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13472708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
13482708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13492708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13502708.423c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Security-Ngc-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\ngcrecovery.dll'
13512708.423c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13522708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ngcrecovery.dll'
13532708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13542708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13552708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13562708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
13572708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13582708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13592708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13602708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13612708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
13622708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13632708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13642708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13652708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
13662708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13672708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13682708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
13692708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13702708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13712708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
13722708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13732708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13742708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
13752708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13762708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13772708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
13782708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13792708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13802708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
13812708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13822708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13832708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
13842708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13852708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13862708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
13872708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13882708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13892708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
13902708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13912708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13922708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
13932708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13942708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
13952708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13962708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
13972708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
13982708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
13992708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
14002708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
14012708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
14022708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
14032708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\system32\crypt32.dll'
14042708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
14052708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
14062708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
14072708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x21747daa04e0c700 O=AO Kaspersky Lab, CN=Kaspersky Anti-Virus Personal Root Certificate
14082708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
14092708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
14102708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
14112708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
14122708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
14132708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
14142708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
14152708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
14162708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
14172708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
14182708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
14192708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
14202708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
14212708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
14222708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
14232708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
14242708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
14252708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
14262708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0xb3d6d6c9f168c800 C=FR, O=Dhimyotis, CN=Certigna
14272708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
14282708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
14292708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
14302708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
14312708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
14322708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
14332708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x802b3770cb00af00 C=EU, L=Madrid (see current address at www.camerfirma.com/address), SRN=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
14342708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
14352708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
14362708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
14372708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
14382708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
14392708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
14402708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
14412708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
14422708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
14432708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
14442708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
14452708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
14462708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
14472708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
14482708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
14492708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0xac1e0fca7ad3c900 C=ES, O=IZENPE S.A., CN=Izenpe.com
14502708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
14512708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
14522708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
14532708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
14542708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
14552708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
14562708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
14572708.423c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
14582708.423c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=54
14592708.423c: SUPR3HardenedMain: Load Runtime...
14602708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
14612708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
14622708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
14632708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
14642708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
14652708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
14662708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
14672708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14682708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14692708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
14702708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
14712708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
14722708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
14732708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14742708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
14752708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
14762708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14772708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
14782708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
14792708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
14802708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
14812708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14822708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14832708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14842708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14852708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
14862708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
14872708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
14882708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
14892708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
14902708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14912708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14922708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14932708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14942708.423c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
14952708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
14962708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
14972708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
14982708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
14992708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
15002708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
15012708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
15022708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
15032708.423c: supR3HardenedDllNotificationCallback: load 000000006d950000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
15042708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
15052708.423c: supR3HardenedDllNotificationCallback: load 000000006db30000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
15062708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
15072708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe58c0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
15082708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
15092708.423c: supR3HardenedDllNotificationCallback: load 00007ffbba280000 LB 0x0053d000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
15102708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
15112708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
15122708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
15132708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
15142708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15152708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15162708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
15172708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15182708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15192708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
15202708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15212708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15222708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
15232708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15242708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15252708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
15262708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15272708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15282708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
15292708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15302708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15312708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15322708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15332708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15342708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15352708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15362708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15372708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15382708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
15392708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15402708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15412708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15422708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15432708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15442708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15452708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15462708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15472708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15482708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15492708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15502708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15512708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15522708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15532708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15542708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15552708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15562708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
15572708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15582708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15592708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15602708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15612708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbba280000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15622708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5130000 'C:\WINDOWS\system32\Wintrust.dll'
15632708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
15642708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
15652708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
15662708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
15672708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\system32\crypt32.dll'
15682708.423c: SUPR3HardenedMain: Load TrustedMain...
15692708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
15702708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
15712708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
15722708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
15732708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
15742708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
15752708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
15762708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
15772708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
15782708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
15792708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
15802708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
15812708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
15822708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
15832708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
15842708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
15852708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
15862708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
15872708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
15882708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
15892708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
15902708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
15912708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
15922708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
15932708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
15942708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
15952708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
15962708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
15972708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15982708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15992708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
16002708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
16012708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
16022708.423c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
16032708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16042708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
16052708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
16062708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16072708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16082708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
16092708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
16102708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
16112708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
16122708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
16132708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
16142708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
16152708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
16162708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16172708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16182708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16192708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16202708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
16212708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
16222708.423c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
16232708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
16242708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'bcryptprimitives.dll'.
16252708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
16262708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
16272708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
16282708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
16292708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
16302708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
16312708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
16322708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
16332708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16342708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16352708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
16362708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
16372708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'.
16382708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
16392708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
16402708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
16412708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
16422708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
16432708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16442708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16452708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
16462708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
16472708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
16482708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16492708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16502708.423c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
16512708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
16522708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
16532708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
16542708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
16552708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16562708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16572708.423c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
16582708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
16592708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
16602708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16612708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16622708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16632708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16642708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16652708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
16662708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
16672708.423c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
16682708.423c: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
16692708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
16702708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
16712708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
16722708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
16732708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16742708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'user32.dll'.
16752708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #69 'gdi32.dll'.
16762708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll) WinVerifyTrust
16772708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
16782708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16792708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16802708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
16812708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16822708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16832708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
16842708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16852708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16862708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16872708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16882708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16892708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
16902708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16912708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16922708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
16932708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
16942708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
16952708.423c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
16962708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
16972708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
16982708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
16992708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
17002708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
17012708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
17022708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
17032708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
17042708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
17052708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
17062708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
17072708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17082708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17092708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
17102708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
17112708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
17122708.423c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
17132708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
17142708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
17152708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
17162708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
17172708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
17182708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
17192708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
17202708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
17212708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
17222708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
17232708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
17242708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
17252708.423c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
17262708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
17272708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
17282708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17292708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17302708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
17312708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
17322708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
17332708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
17342708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
17352708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
17362708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
17372708.423c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17382708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
17392708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
17402708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
17412708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
17422708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
17432708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
17442708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
17452708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
17462708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
17472708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17482708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17492708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
17502708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17512708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17522708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
17532708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17542708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17552708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
17562708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
17572708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
17582708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
17592708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
17602708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
17612708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
17622708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17632708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17642708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
17652708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17662708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17672708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
17682708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17692708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17702708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
17712708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17722708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17732708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
17742708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
17752708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
17762708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
17772708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17782708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17792708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
17802708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17812708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17822708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
17832708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
17842708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
17852708.423c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
17862708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17872708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
17882708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17892708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
17902708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
17912708.423c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
17922708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
17932708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17942708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17952708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
17962708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17972708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17982708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
17992708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18002708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18012708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
18022708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
18032708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
18042708.423c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
18052708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll)
18062708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll
18072708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
18082708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
18092708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
18102708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18112708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18122708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
18132708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18142708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18152708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
18162708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
18172708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
18182708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
18192708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18202708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18212708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
18222708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
18232708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
18242708.423c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
18252708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18262708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
18272708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
18282708.423c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
18292708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
18302708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18312708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18322708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
18332708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18342708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18352708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
18362708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18372708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18382708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
18392708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18402708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18412708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
18422708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
18432708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
18442708.423c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
18452708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18462708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18472708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
18482708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18492708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18502708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
18512708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
18522708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
18532708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
18542708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
18552708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
18562708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
18572708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
18582708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
18592708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
18602708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
18612708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
18622708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
18632708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
18642708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18652708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18662708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
18672708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
18682708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
18692708.423c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
18702708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18712708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
18722708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'shlwapi.dll'.
18732708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
18742708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'comctl32.dll'.
18752708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'shell32.dll'.
18762708.423c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\comdlg32.dll)
18772708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
18782708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
18792708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
18802708.423c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
18812708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18822708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcrypt.dll'.
18832708.423c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\winspool.drv)
18842708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv
18852708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
18862708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
18872708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
18882708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
18892708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
18902708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
18912708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
18922708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
18932708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
18942708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18952708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18962708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
18972708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18982708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18992708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
19002708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
19012708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
19022708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
19032708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19042708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19052708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19062708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19072708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
19082708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
19092708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
19102708.423c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
19112708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
19122708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
19132708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
19142708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll)
19152708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll
19162708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19172708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19182708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
19192708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
19202708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
19212708.423c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
19222708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
19232708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
19242708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
19252708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
19262708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
19272708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19282708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19292708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19302708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19312708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19322708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19332708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19342708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19352708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
19362708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19372708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19382708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19392708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19402708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19412708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19422708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
19432708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19442708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19452708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
19462708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
19472708.423c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
19482708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
19492708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
19502708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
19512708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
19522708.423c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
19532708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19542708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19552708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
19562708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
19572708.423c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
19582708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19592708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19602708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
19612708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
19622708.423c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
19632708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19642708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19652708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
19662708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19672708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19682708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
19692708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
19702708.423c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
19712708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ec pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
19722708.423c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000df0a20
19732708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000df0a20
19742708.423c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C84CAE716539BA897604EBDDBAB05F52E4868A0
19752708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
19762708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
19772708.423c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
19782708.423c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19792708.423c: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
19802708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
19812708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
19822708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
19832708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
19842708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
19852708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
19862708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
19872708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
19882708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
19892708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
19902708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
19912708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
19922708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
19932708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
19942708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
19952708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.0_none_43a14f3b47f396e6\comctl32.dll)
19962708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.0_none_43a14f3b47f396e6\comctl32.dll
19972708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
19982708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe5060000 LB 0x0001e000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
19992708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
20002708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe4570000 LB 0x0009a000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
20012708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
20022708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe4390000 LB 0x00189000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
20032708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
20042708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'gdi32.dll'.
20052708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
20062708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'win32u.dll'.
20072708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
20082708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
20092708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe5da0000 LB 0x00027000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
20102708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
20112708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe5f80000 LB 0x0014a000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
20122708.423c: supR3HardenedDllNotificationCallback: load 00007ffbdadc0000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
20132708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
20142708.423c: supR3HardenedDllNotificationCallback: load 00007ffbcf8a0000 LB 0x00121000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
20152708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
20162708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe4520000 LB 0x00049000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
20172708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
20182708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
20192708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe61f0000 LB 0x002f9000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
20202708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
20212708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe6690000 LB 0x000aa000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
20222708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20232708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'.
20242708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'.
20252708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
20262708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
20272708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe7ca0000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
20282708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
20292708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe4300000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
20302708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
20312708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
20322708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
20332708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
20342708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe4340000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
20352708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
20362708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
20372708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
20382708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe4710000 LB 0x006f2000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
20392708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20402708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
20412708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
20422708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'profapi.dll'.
20432708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
20442708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
20452708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe6740000 LB 0x01437000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
20462708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
20472708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe5e30000 LB 0x00145000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
20482708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
20492708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe0e70000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
20502708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
20512708.423c: supR3HardenedDllNotificationCallback: load 000000006cb20000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
20522708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
20532708.423c: supR3HardenedDllNotificationCallback: load 00007ffb9e190000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
20542708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
20552708.423c: supR3HardenedDllNotificationCallback: load 000000006c5b0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
20562708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
20572708.423c: supR3HardenedDllNotificationCallback: load 00007ffbdc050000 LB 0x0008a000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
20582708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
20592708.423c: supR3HardenedDllNotificationCallback: load 00007ffbdab60000 LB 0x000a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.0_none_43a14f3b47f396e6\COMCTL32.dll [fFlags=0x0]
20602708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.0_none_43a14f3b47f396e6\comctl32.dll [avoiding WinVerifyTrust]
20612708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe5c70000 LB 0x00108000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
20622708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
20632708.423c: supR3HardenedDllNotificationCallback: load 00007ffbc0600000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
20642708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
20652708.423c: supR3HardenedDllNotificationCallback: load 000000006d8f0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
20662708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
20672708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe6130000 LB 0x000bf000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
20682708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
20692708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe2670000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
20702708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
20712708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe27b0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
20722708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
20732708.423c: supR3HardenedDllNotificationCallback: load 00007ffbb6120000 LB 0x008ea000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
20742708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
20752708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
20762708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
20772708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
20782708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
20792708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
20802708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
20812708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
20822708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
20832708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
20842708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
20852708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
20862708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
20872708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.0_none_43a14f3b47f396e6\comctl32.dll'.
20882708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.0_none_43a14f3b47f396e6\comctl32.dll' [rescheduled]
20892708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
20902708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
20912708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
20922708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
20932708.423c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
20942708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
20952708.423c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
20962708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
20972708.423c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
20982708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
20992708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
21002708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
21012708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
21022708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
21032708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
21042708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
21052708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
21062708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
21072708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
21082708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
21092708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
21102708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
21112708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
21122708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
21132708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
21142708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
21152708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
21162708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
21172708.423c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
21182708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21192708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21202708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21212708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21222708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21232708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21242708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21252708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21262708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21272708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21282708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
21292708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
21302708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
21312708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
21322708.423c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
21332708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21342708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21352708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21362708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21372708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
21382708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
21392708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
21402708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
21412708.423c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
21422708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21432708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21442708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21452708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21462708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
21472708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
21482708.423c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
21492708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
21502708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
21512708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
21522708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21532708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21542708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21552708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21562708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
21572708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
21582708.423c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
21592708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21602708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21612708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
21622708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
21632708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5a90000 'C:\WINDOWS\System32\kernel32.dll'
21642708.423c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
21652708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe4e10000 'api-ms-win-core-string-l1-1-0'
21662708.423c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
21672708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe4e10000 'api-ms-win-core-datetime-l1-1-1'
21682708.423c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
21692708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe4e10000 'api-ms-win-core-localization-obsolete-l1-2-0'
21702708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
21712708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
21722708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'win32u.dll'.
21732708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
21742708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
21752708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
21762708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
21772708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
21782708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
21792708.423c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
21802708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21812708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21822708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21832708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe5a60000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
21842708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
21852708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5a60000 'C:\WINDOWS\system32\IMM32.DLL'
21862708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
21872708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
21882708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
21892708.423c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
21902708.423c: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\imm32.dll
21912708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21922708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5a60000 'C:\WINDOWS\System32\imm32.dll'
21932708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
21942708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21952708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe53d0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
21962708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb6120000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
21972708.423c: SUPR3HardenedMain: Calling TrustedMain (00007ffbb6121610)...
21982708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
21992708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
22002708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
22012708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
22022708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
22032708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
22042708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
22052708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
22062708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
22072708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
22082708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
22092708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
22102708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
22112708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
22122708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22132708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22142708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
22152708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
22162708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
22172708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
22182708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
22192708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
22202708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22212708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22222708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
22232708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
22242708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
22252708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
22262708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22272708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22282708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
22292708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
22302708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
22312708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
22322708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
22332708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
22342708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
22352708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
22362708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
22372708.423c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
22382708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22392708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22402708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
22412708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22422708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22432708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
22442708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22452708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22462708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
22472708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
22482708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
22492708.423c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
22502708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22512708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
22522708.423c: supR3HardenedDllNotificationCallback: load 00007ffbbd080000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
22532708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
22542708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbd080000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
22552708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000678 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
22562708.423c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000df0a20
22572708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000df0a20
22582708.423c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B531FF2B0DDEF1474B5898F2B0278778FD6901AD
22592708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
22602708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
22612708.423c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
22622708.423c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22632708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22642708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
22652708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
22662708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
22672708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
22682708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22692708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22702708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22712708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22722708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22732708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22742708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
22752708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
22762708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
22772708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe2b00000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
22782708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
22792708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2b00000 'C:\WINDOWS\system32\uxtheme.dll'
22802708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5f80000 'C:\WINDOWS\system32\user32.dll'
22812708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
22822708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22832708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6740000 'C:\WINDOWS\system32\shell32.dll'
22842708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
22852708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
22862708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
22872708.423c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
22882708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22892708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6690000 'C:\WINDOWS\system32\SHCore.dll'
22902708.423c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
22912708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22922708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
22932708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22942708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'win32u.dll'.
22952708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
22962708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
22972708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)
22982708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
22992708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe1450000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
23002708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
23012708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23022708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23032708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23042708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23052708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
23062708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
23072708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
23082708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23092708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23102708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
23112708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
23122708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
23132708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
23142708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23152708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe27b0000 'C:\WINDOWS\system32\winmm.dll'
23162708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
23172708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23182708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe27b0000 'C:\WINDOWS\system32\winmm.dll'
23192708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
23202708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23212708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6740000 'C:\WINDOWS\system32\shell32.dll'
23222708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
23232708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23242708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2b00000 'C:\WINDOWS\system32\uxtheme.dll'
23252708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
23262708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23272708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe53d0000 'C:\WINDOWS\system32\advapi32.dll'
23282708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
23292708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
23302708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
23312708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'profapi.dll'.
23322708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
23332708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
23342708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
23352708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
23362708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
23372708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23382708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23392708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
23402708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23412708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
23422708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe41e0000 LB 0x00029000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
23432708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
23442708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe41e0000 'C:\WINDOWS\system32\userenv.dll'
23452708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
23462708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23472708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5a90000 'C:\WINDOWS\System32\kernel32.dll'
23482708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe5b40000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
23492708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23502708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
23512708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
23522708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
23532708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23542708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23552708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23562708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23572708.37d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
23582708.37d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
23592708.37d8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
23602708.37d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
23612708.37d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23622708.37d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
23632708.37d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23642708.37d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
23652708.37d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
23662708.37d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
23672708.37d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
23682708.37d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
23692708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23702708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23712708.37d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
23722708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23732708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23742708.37d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
23752708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23762708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23772708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23782708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23792708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
23802708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
23812708.37d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
23822708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23832708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23842708.37d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
23852708.37d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
23862708.37d8: supR3HardenedDllNotificationCallback: load 00007ffb9dc90000 LB 0x004f6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
23872708.37d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
23882708.37d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb9dc90000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
23892708.37d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
23902708.37d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23912708.37d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23922708.37d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
23932708.37d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
23942708.37d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
23952708.37d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
23962708.37d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
23972708.37d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
23982708.37d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
23992708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24002708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24012708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24022708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24032708.37d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
24042708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24052708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24062708.37d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
24072708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
24082708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
24092708.37d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
24102708.37d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
24112708.37d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
24122708.37d8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
24132708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24142708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24152708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24162708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24172708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24182708.37d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24192708.37d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
24202708.37d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
24212708.37d8: supR3HardenedDllNotificationCallback: load 00007ffbbcfc0000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
24222708.37d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
24232708.37d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbcfc0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
24242708.37d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
24252708.37d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
24262708.37d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6130000 'C:\Windows\System32\oleaut32.dll'
24272708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
24282708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24292708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5da0000 'C:\WINDOWS\system32\gdi32.dll'
24302708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
24312708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24322708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6740000 'C:\WINDOWS\system32\shell32.dll'
24332708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe7d00000 LB 0x00166000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
24342708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24352708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
24362708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
24372708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'gdi32.dll'.
24382708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'imm32.dll'.
24392708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
24402708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
24412708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
24422708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
24432708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
24442708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24452708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24462708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24472708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24482708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24492708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24502708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
24512708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24522708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24532708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
24542708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
24552708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
24562708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a14 pwszName=\Device\HarddiskVolume4\Windows\System32\DataExchange.dll
24572708.423c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000df0a20
24582708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000df0a20
24592708.423c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61683FE342024A9B1FED0572E599EB6BBE8FAFAD
24602708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
24612708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
24622708.423c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\DataExchange.dll'
24632708.423c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24642708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24652708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
24662708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
24672708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
24682708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
24692708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) WinVerifyTrust
24702708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
24712708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
24722708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
24732708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
24742708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
24752708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
24762708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
24772708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) WinVerifyTrust
24782708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll
24792708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
24802708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
24812708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
24822708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24832708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24842708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
24852708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
24862708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
24872708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24882708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
24892708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
24902708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24912708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
24922708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'win32u.dll'.
24932708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll) WinVerifyTrust
24942708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll
24952708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
24962708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
24972708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
24982708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
24992708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
25002708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
25012708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
25022708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
25032708.423c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'.
25042708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25052708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
25062708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll)
25072708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll
25082708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25092708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25102708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
25112708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
25122708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
25132708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25142708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25152708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
25162708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
25172708.423c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
25182708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
25192708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
25202708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
25212708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25222708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25232708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25242708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
25252708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
25262708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
25272708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
25282708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe3150000 LB 0x000a4000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
25292708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
25302708.423c: supR3HardenedDllNotificationCallback: load 00007ffbde250000 LB 0x002df000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
25312708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
25322708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe2400000 LB 0x00122000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
25332708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
25342708.423c: supR3HardenedDllNotificationCallback: load 00007ffbd4150000 LB 0x00047000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
25352708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
25362708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4150000 'C:\WINDOWS\system32\dataexchange.dll'
25372708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
25382708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
25392708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'
25402708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25412708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
25422708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'.
25432708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
25442708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll)
25452708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll
25462708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe2cb0000 LB 0x00170000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
25472708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
25482708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25492708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'coreuicomponents.dll'.
25502708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'coremessaging.dll'.
25512708.423c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll)
25522708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
25532708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25542708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'coremessaging.dll'.
25552708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'shcore.dll'.
25562708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll)
25572708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll
25582708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25592708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
25602708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll)
25612708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll
25622708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntmarta.dll)
25632708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntmarta.dll
25642708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
25652708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
25662708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'bcryptprimitives.dll'.
25672708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll)
25682708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll
25692708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25702708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
25712708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\usermgrcli.dll)
25722708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\usermgrcli.dll
25732708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe3640000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
25742708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
25752708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe2180000 LB 0x000e3000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
25762708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
25772708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe0870000 LB 0x00139000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
25782708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
25792708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe1000000 LB 0x00015000 C:\WINDOWS\SYSTEM32\usermgrcli.dll [fFlags=0x0]
25802708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\usermgrcli.dll [avoiding WinVerifyTrust]
25812708.423c: supR3HardenedDllNotificationCallback: load 00007ffbdeee0000 LB 0x002d2000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
25822708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
25832708.423c: supR3HardenedDllNotificationCallback: load 00007ffbdfbc0000 LB 0x00082000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
25842708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
25852708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25862708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25872708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25882708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25892708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
25902708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
25912708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
25922708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25932708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25942708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
25952708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
25962708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
25972708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25982708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25992708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26002708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26012708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
26022708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
26032708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
26042708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
26052708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
26062708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
26072708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26082708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26092708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
26102708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
26112708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
26122708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
26132708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume4\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
26142708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
26152708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26162708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26172708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
26182708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
26192708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
26202708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
26212708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
26222708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
26232708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26242708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26252708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26262708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26272708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
26282708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
26292708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\usermgrcli.dll'
26302708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
26312708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
26322708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WinTypes.dll'
26332708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
26342708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
26352708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntmarta.dll'
26362708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
26372708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
26382708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll'
26392708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
26402708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
26412708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll'
26422708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a5c pwszName=\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
26432708.423c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000df0a20
26442708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000df0a20
26452708.423c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D9F6A1B151CF57E6DCA07996124AC68D7674C81
26462708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
26472708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
26482708.423c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-InputService-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll'
26492708.423c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26502708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll'
26512708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
26522708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
26532708.423c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll'
26542708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
26552708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26562708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6130000 'C:\WINDOWS\System32\OLEAUT32.DLL'
26572708.423c: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26582708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5f80000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
26592708.423c: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26602708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5f80000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
26612708.423c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
26622708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\secruntime.dll (Input=secruntime.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
26632708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\System32\secruntime.dll'
26642708.423c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-1.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26652708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe61f0000 'api-ms-win-core-com-l1-1-1.dll'
26662708.423c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
26672708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\secruntime.dll (Input=secruntime.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
26682708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\System32\secruntime.dll'
26692708.423c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
26702708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\secruntime.dll (Input=secruntime.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
26712708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\System32\secruntime.dll'
26722708.423c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
26732708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\secruntime.dll (Input=secruntime.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
26742708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\System32\secruntime.dll'
26752708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll
26762708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
26772708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe7d00000 'C:\WINDOWS\System32\MSCTF.dll'
26782708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000adc pwszName=\Device\HarddiskVolume4\Windows\System32\oleacc.dll
26792708.423c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000df0a20
26802708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000df0a20
26812708.423c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B409CD3D0459335BDD83EA8037B071CA63183B1B
26822708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
26832708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
26842708.423c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\oleacc.dll'
26852708.423c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26862708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
26872708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
26882708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleacc.dll) WinVerifyTrust
26892708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleacc.dll
26902708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26912708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26922708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26932708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26942708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26952708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleacc.dll
26962708.423c: supR3HardenedDllNotificationCallback: load 00007ffbda910000 LB 0x0006b000 C:\WINDOWS\system32\oleacc.dll [fFlags=0x0]
26972708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleacc.dll
26982708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbda910000 'C:\WINDOWS\system32\oleacc.dll'
26992708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
27002708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27012708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6130000 'C:\WINDOWS\System32\OLEAUT32.DLL'
27022708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleacc.dll
27032708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27042708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbda910000 'C:\Windows\System32\oleacc.dll'
27052708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b34 pwszName=\Device\HarddiskVolume4\Windows\System32\oleacchooks.dll
27062708.423c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000df0a20
27072708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000df0a20
27082708.423c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=96CF5533597109A3B0B92C2A071A8FD41B8010D5
27092708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
27102708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
27112708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27122708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
27132708.423c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\oleacchooks.dll'
27142708.423c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27152708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27162708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleacchooks.dll) WinVerifyTrust
27172708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleacchooks.dll
27182708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27192708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27202708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\SYSTEM32\OLEACCHOOKS.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
27212708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleacchooks.dll
27222708.423c: supR3HardenedDllNotificationCallback: load 00007ffbe2390000 LB 0x00009000 C:\WINDOWS\SYSTEM32\OLEACCHOOKS.DLL [fFlags=0x0]
27232708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleacchooks.dll
27242708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2390000 'C:\WINDOWS\SYSTEM32\OLEACCHOOKS.DLL'
27252708.423c: supR3HardenedDllNotificationCallback: Unload 00007ffbe2390000 LB 0x00009000 C:\WINDOWS\SYSTEM32\OLEACCHOOKS.DLL [flags=0x0]
27262708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
27272708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27282708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5e30000 'C:\WINDOWS\System32\ole32.dll'
27292708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6130000 'C:\WINDOWS\System32\OLEAUT32.dll'
27302708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b6c pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
27312708.423c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000df0a20
27322708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000df0a20
27332708.423c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C153C1EEAC2C5A257F8D6DAC54A4EBBA9125F07E
27342708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
27352708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
27362708.423c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
27372708.423c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27382708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27392708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
27402708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
27412708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
27422708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
27432708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
27442708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
27452708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b70 pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
27462708.423c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000df0a20
27472708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000df0a20
27482708.423c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C2FDDA9E0EDB4F1E87D406924BA16734871BCEF
27492708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
27502708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
27512708.423c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
27522708.423c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27532708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27542708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
27552708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
27562708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
27572708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
27582708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
27592708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
27602708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
27612708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27622708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27632708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
27642708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
27652708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
27662708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
27672708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
27682708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
27692708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27702708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27712708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27722708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
27732708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
27742708.423c: supR3HardenedDllNotificationCallback: load 00007ffbd4d10000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
27752708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
27762708.423c: supR3HardenedDllNotificationCallback: load 00007ffbd22d0000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
27772708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
27782708.423c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
27792708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe4e10000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
27802708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd22d0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
27812708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bc0 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
27822708.423c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000df0a20
27832708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000df0a20
27842708.423c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=559C24F928E5CCE94C1894759931445FEFCE69FF
27852708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
27862708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
27872708.423c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
27882708.423c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27892708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27902708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
27912708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
27922708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
27932708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27942708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27952708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27962708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27972708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
27982708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27992708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
28002708.423c: supR3HardenedDllNotificationCallback: load 00007ffbd1290000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
28012708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
28022708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd1290000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
28032708.423c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
28042708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe4e10000 'api-ms-win-core-localization-l1-2-0.dll'
28052708.423c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
28062708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe4e10000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
28072708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bdc pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
28082708.423c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000df0a20
28092708.423c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000df0a20
28102708.423c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FF6EDA0EE7AAFEFF666CD9B9BCCFAF342DB5470
28112708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
28122708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5190000 'C:\WINDOWS\System32\crypt32.dll'
28132708.423c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
28142708.423c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28152708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28162708.423c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
28172708.423c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
28182708.423c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
28192708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
28202708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
28212708.423c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
28222708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28232708.423c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28242708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
28252708.423c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
28262708.423c: supR3HardenedDllNotificationCallback: load 00007ffbd1c00000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
28272708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
28282708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd1c00000 'C:\WINDOWS\system32\wbem\fastprox.dll'
28292708.423c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
28302708.423c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
28312708.423c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5e30000 'C:\WINDOWS\system32\ole32.dll'
28322708.3ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
28332708.3ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28342708.3ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
28352708.3ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28362708.3ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
28372708.3ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28382708.3ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28392708.3ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28402708.3ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
28412708.3ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
28422708.3ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
28432708.3ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
28442708.3ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
28452708.3ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
28462708.3ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
28472708.3ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
28482708.3ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28492708.3ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28502708.3ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28512708.3ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28522708.3ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
28532708.3ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
28542708.3ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28552708.3ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28562708.3ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28572708.3ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28582708.3ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28592708.3ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
28602708.3ce0: supR3HardenedDllNotificationCallback: load 000000006c4a0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
28612708.3ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
28622708.3ce0: supR3HardenedDllNotificationCallback: load 00007ffb915a0000 LB 0x002b5000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
28632708.3ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28642708.3ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb915a0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
28652708.4370: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3810000 'C:\WINDOWS\system32\rsaenh.dll'
28662708.423c: supR3HardenedDllNotificationCallback: Unload 00007ffbd1290000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
28672708.423c: supR3HardenedDllNotificationCallback: Unload 00007ffbd4150000 LB 0x00047000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0]
28682708.423c: supR3HardenedDllNotificationCallback: Unload 00007ffbde250000 LB 0x002df000 C:\WINDOWS\system32\d3d11.dll [flags=0x0]
28692708.423c: supR3HardenedDllNotificationCallback: Unload 00007ffbe3150000 LB 0x000a4000 C:\WINDOWS\system32\dxgi.dll [flags=0x0]
28702708.423c: supR3HardenedDllNotificationCallback: Unload 00007ffbe2400000 LB 0x00122000 C:\WINDOWS\system32\dcomp.dll [flags=0x0]
28712708.423c: supR3HardenedDllNotificationCallback: Unload 00007ffbe2cb0000 LB 0x00170000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0]
28722708.423c: supR3HardenedDllNotificationCallback: Unload 00007ffbd1c00000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
28732708.423c: supR3HardenedDllNotificationCallback: Unload 00007ffbbcfc0000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
28742708.423c: supR3HardenedDllNotificationCallback: Unload 00007ffbd22d0000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
28752708.423c: supR3HardenedDllNotificationCallback: Unload 00007ffbd4d10000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
28762708.423c: supR3HardenedDllNotificationCallback: Unload 00007ffb9dc90000 LB 0x004f6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
28772708.423c: Terminating the normal way: rcExit=0
287835d4.3c9c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 3590 ms, the end);
28792d40.2df4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 4904 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy