VirtualBox

Ticket #16895: VBoxHardening.log

File VBoxHardening.log, 264.3 KB (added by Chowlett, 7 years ago)

DOS VM VBoxHardening log

Line 
1247c.26b4: Log file opened: 5.1.23r116680 g_hStartupLog=000000000000005c g_uNtVerCombined=0xa0383900
2247c.26b4: \SystemRoot\System32\ntdll.dll:
3247c.26b4: CreationTime: 2017-06-12T22:49:15.942221900Z
4247c.26b4: LastWriteTime: 2017-06-12T22:49:15.958104200Z
5247c.26b4: ChangeTime: 2017-07-10T08:26:33.453610000Z
6247c.26b4: FileAttributes: 0x20
7247c.26b4: Size: 0x1cc888
8247c.26b4: NT Headers: 0xd8
9247c.26b4: Timestamp: 0x5825887f
10247c.26b4: Machine: 0x8664 - amd64
11247c.26b4: Timestamp: 0x5825887f
12247c.26b4: Image Version: 10.0
13247c.26b4: SizeOfImage: 0x1d1000 (1904640)
14247c.26b4: Resource Dir: 0x168000 LB 0x67988
15247c.26b4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16247c.26b4: [Raw version resource data: 0x1680f0 LB 0x388, codepage 0x0 (reserved 0x0)]
17247c.26b4: ProductName: Microsoft® Windows® Operating System
18247c.26b4: ProductVersion: 10.0.14393.479
19247c.26b4: FileVersion: 10.0.14393.479 (rs1_release.161110-2025)
20247c.26b4: FileDescription: NT Layer DLL
21247c.26b4: \SystemRoot\System32\kernel32.dll:
22247c.26b4: CreationTime: 2017-06-12T16:06:05.224379100Z
23247c.26b4: LastWriteTime: 2017-04-28T00:49:43.332433600Z
24247c.26b4: ChangeTime: 2017-07-10T08:26:30.910754100Z
25247c.26b4: FileAttributes: 0x20
26247c.26b4: Size: 0xab208
27247c.26b4: NT Headers: 0xf0
28247c.26b4: Timestamp: 0x59028368
29247c.26b4: Machine: 0x8664 - amd64
30247c.26b4: Timestamp: 0x59028368
31247c.26b4: Image Version: 10.0
32247c.26b4: SizeOfImage: 0xac000 (704512)
33247c.26b4: Resource Dir: 0xaa000 LB 0x530
34247c.26b4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35247c.26b4: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)]
36247c.26b4: ProductName: Microsoft® Windows® Operating System
37247c.26b4: ProductVersion: 10.0.14393.1198
38247c.26b4: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353)
39247c.26b4: FileDescription: Windows NT BASE API Client DLL
40247c.26b4: \SystemRoot\System32\KernelBase.dll:
41247c.26b4: CreationTime: 2017-07-10T08:09:18.624188600Z
42247c.26b4: LastWriteTime: 2017-06-03T10:09:08.071687200Z
43247c.26b4: ChangeTime: 2017-07-10T08:45:04.339445700Z
44247c.26b4: FileAttributes: 0x20
45247c.26b4: Size: 0x21c780
46247c.26b4: NT Headers: 0xf8
47247c.26b4: Timestamp: 0x59327897
48247c.26b4: Machine: 0x8664 - amd64
49247c.26b4: Timestamp: 0x59327897
50247c.26b4: Image Version: 10.0
51247c.26b4: SizeOfImage: 0x21d000 (2215936)
52247c.26b4: Resource Dir: 0x201000 LB 0x550
53247c.26b4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54247c.26b4: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0 (reserved 0x0)]
55247c.26b4: ProductName: Microsoft® Windows® Operating System
56247c.26b4: ProductVersion: 10.0.14393.1358
57247c.26b4: FileVersion: 10.0.14393.1358 (rs1_release.170602-2252)
58247c.26b4: FileDescription: Windows NT BASE API Client DLL
59247c.26b4: \SystemRoot\System32\apisetschema.dll:
60247c.26b4: CreationTime: 2016-07-16T11:42:21.577586000Z
61247c.26b4: LastWriteTime: 2016-07-16T11:42:21.577586000Z
62247c.26b4: ChangeTime: 2017-07-07T12:46:31.125620800Z
63247c.26b4: FileAttributes: 0x20
64247c.26b4: Size: 0x18960
65247c.26b4: NT Headers: 0xc8
66247c.26b4: Timestamp: 0x57899bd2
67247c.26b4: Machine: 0x8664 - amd64
68247c.26b4: Timestamp: 0x57899bd2
69247c.26b4: Image Version: 10.0
70247c.26b4: SizeOfImage: 0x19000 (102400)
71247c.26b4: Resource Dir: 0x18000 LB 0x400
72247c.26b4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73247c.26b4: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0 (reserved 0x0)]
74247c.26b4: ProductName: Microsoft® Windows® Operating System
75247c.26b4: ProductVersion: 10.0.14393.0
76247c.26b4: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
77247c.26b4: FileDescription: ApiSet Schema DLL
78247c.26b4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
79247c.26b4: supR3HardenedWinFindAdversaries: 0x0
80247c.26b4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
81247c.26b4: Calling main()
82247c.26b4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
83247c.26b4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
84247c.26b4: SUPR3HardenedMain: Respawn #1
85247c.26b4: System32: \Device\HarddiskVolume4\Windows\System32
86247c.26b4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
87247c.26b4: KnownDllPath: C:\WINDOWS\System32
88247c.26b4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
89247c.26b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
90247c.26b4: supR3HardNtEnableThreadCreation:
91247c.26b4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9b1809fa0 pvNtTerminateThread=00007ff9b1836b20
92247c.26b4: supR3HardenedWinDoReSpawn(1): New child 29b4.2aa4 [kernel32].
93247c.26b4: supR3HardNtChildGatherData: PebBaseAddress=0000000000c1e000 cbPeb=0x388
94247c.26b4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9b1790000 uNtDllChildAddr=00007ff9b1790000
95247c.26b4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9b1809fa0
96247c.26b4: supR3HardenedWinSetupChildInit: Start child.
97247c.26b4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
98247c.26b4: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 31 sleeps
99247c.26b4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
100247c.26b4: *0000000000000000-0000000000b1ffff 0x0001/0x0000 0x0000000
101247c.26b4: *0000000000b20000-0000000000b3ffff 0x0004/0x0004 0x0020000
102247c.26b4: *0000000000b40000-0000000000b55fff 0x0002/0x0002 0x0040000
103247c.26b4: 0000000000b56000-0000000000b5ffff 0x0001/0x0000 0x0000000
104247c.26b4: *0000000000b60000-0000000000b63fff 0x0002/0x0002 0x0040000
105247c.26b4: 0000000000b64000-0000000000b6ffff 0x0001/0x0000 0x0000000
106247c.26b4: *0000000000b70000-0000000000b71fff 0x0004/0x0004 0x0020000
107247c.26b4: 0000000000b72000-0000000000bfffff 0x0001/0x0000 0x0000000
108247c.26b4: *0000000000c00000-0000000000c1dfff 0x0000/0x0004 0x0020000
109247c.26b4: 0000000000c1e000-0000000000c20fff 0x0004/0x0004 0x0020000
110247c.26b4: 0000000000c21000-0000000000dfffff 0x0000/0x0004 0x0020000
111247c.26b4: *0000000000e00000-0000000000efafff 0x0000/0x0004 0x0020000
112247c.26b4: 0000000000efb000-0000000000efdfff 0x0104/0x0004 0x0020000
113247c.26b4: 0000000000efe000-0000000000efffff 0x0004/0x0004 0x0020000
114247c.26b4: 0000000000f00000-000000007ffdffff 0x0001/0x0000 0x0000000
115247c.26b4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
116247c.26b4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
117247c.26b4: 000000007fff0000-00007ff76744ffff 0x0001/0x0000 0x0000000
118247c.26b4: *00007ff767450000-00007ff767472fff 0x0002/0x0002 0x0040000
119247c.26b4: 00007ff767473000-00007ff7678cffff 0x0001/0x0000 0x0000000
120247c.26b4: *00007ff7678d0000-00007ff7678d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
121247c.26b4: 00007ff7678d1000-00007ff767940fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
122247c.26b4: 00007ff767941000-00007ff767941fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
123247c.26b4: 00007ff767942000-00007ff767986fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
124247c.26b4: 00007ff767987000-00007ff767987fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
125247c.26b4: 00007ff767988000-00007ff767988fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
126247c.26b4: 00007ff767989000-00007ff76798dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
127247c.26b4: 00007ff76798e000-00007ff76798efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
128247c.26b4: 00007ff76798f000-00007ff76798ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
129247c.26b4: 00007ff767990000-00007ff767993fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
130247c.26b4: 00007ff767994000-00007ff7679dbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
131247c.26b4: 00007ff7679dc000-00007ff9b178ffff 0x0001/0x0000 0x0000000
132247c.26b4: *00007ff9b1790000-00007ff9b1790fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
133247c.26b4: 00007ff9b1791000-00007ff9b1897fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
134247c.26b4: 00007ff9b1898000-00007ff9b18dbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
135247c.26b4: 00007ff9b18dc000-00007ff9b18e4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
136247c.26b4: 00007ff9b18e5000-00007ff9b18f2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
137247c.26b4: 00007ff9b18f3000-00007ff9b18f3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
138247c.26b4: 00007ff9b18f4000-00007ff9b18f6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
139247c.26b4: 00007ff9b18f7000-00007ff9b1960fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
140247c.26b4: 00007ff9b1961000-00007ffffffdffff 0x0001/0x0000 0x0000000
141247c.26b4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
142247c.26b4: VirtualBox.exe: timestamp 0x595b6ed5 (rc=VINF_SUCCESS)
143247c.26b4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
144247c.26b4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
145247c.26b4: supR3HardNtChildPurify: Done after 324 ms and 0 fixes (loop #0).
146247c.26b4: supR3HardNtEnableThreadCreation:
14729b4.2aa4: Log file opened: 5.1.23r116680 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0383900
14829b4.2aa4: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9b1790000 g_uNtVerCombined=0xa0383900
14929b4.2aa4: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS)
15029b4.2aa4: New simple heap: #1 0000000001000000 LB 0x400000 (for 1904640 allocation)
15129b4.2aa4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
15229b4.2aa4: System32: \Device\HarddiskVolume4\Windows\System32
15329b4.2aa4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
15429b4.2aa4: KnownDllPath: C:\WINDOWS\System32
15529b4.2aa4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
15629b4.2aa4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
15729b4.2aa4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
15829b4.2aa4: Registered Dll notification callback with NTDLL.
15929b4.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
16029b4.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
16129b4.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
16229b4.2aa4: supR3HardenedDllNotificationCallback: load 00007ff9adc90000 LB 0x0021d000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
16329b4.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
16429b4.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
16529b4.2aa4: supR3HardenedDllNotificationCallback: load 00007ff9b1050000 LB 0x000ac000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
16629b4.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
16729b4.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b1050000 'C:\WINDOWS\System32\KERNEL32.DLL'
16829b4.2aa4: supR3HardenedDllNotificationCallback: load 00007ff7678d0000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
16929b4.2aa4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
17029b4.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
17129b4.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
17229b4.2aa4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9b1809fa0 pvNtTerminateThread=00007ff9b1836b20
173247c.26b4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 59 ms.
17429b4.2aa4: \SystemRoot\System32\ntdll.dll:
17529b4.2aa4: CreationTime: 2017-06-12T22:49:15.942221900Z
17629b4.2aa4: LastWriteTime: 2017-06-12T22:49:15.958104200Z
17729b4.2aa4: ChangeTime: 2017-07-10T08:26:33.453610000Z
17829b4.2aa4: FileAttributes: 0x20
17929b4.2aa4: Size: 0x1cc888
18029b4.2aa4: NT Headers: 0xd8
18129b4.2aa4: Timestamp: 0x5825887f
18229b4.2aa4: Machine: 0x8664 - amd64
18329b4.2aa4: Timestamp: 0x5825887f
18429b4.2aa4: Image Version: 10.0
18529b4.2aa4: SizeOfImage: 0x1d1000 (1904640)
18629b4.2aa4: Resource Dir: 0x168000 LB 0x67988
18729b4.2aa4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
18829b4.2aa4: [Raw version resource data: 0x1680f0 LB 0x388, codepage 0x0 (reserved 0x0)]
18929b4.2aa4: ProductName: Microsoft® Windows® Operating System
19029b4.2aa4: ProductVersion: 10.0.14393.479
19129b4.2aa4: FileVersion: 10.0.14393.479 (rs1_release.161110-2025)
19229b4.2aa4: FileDescription: NT Layer DLL
19329b4.2aa4: \SystemRoot\System32\kernel32.dll:
19429b4.2aa4: CreationTime: 2017-06-12T16:06:05.224379100Z
19529b4.2aa4: LastWriteTime: 2017-04-28T00:49:43.332433600Z
19629b4.2aa4: ChangeTime: 2017-07-10T08:26:30.910754100Z
19729b4.2aa4: FileAttributes: 0x20
19829b4.2aa4: Size: 0xab208
19929b4.2aa4: NT Headers: 0xf0
20029b4.2aa4: Timestamp: 0x59028368
20129b4.2aa4: Machine: 0x8664 - amd64
20229b4.2aa4: Timestamp: 0x59028368
20329b4.2aa4: Image Version: 10.0
20429b4.2aa4: SizeOfImage: 0xac000 (704512)
20529b4.2aa4: Resource Dir: 0xaa000 LB 0x530
20629b4.2aa4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
20729b4.2aa4: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)]
20829b4.2aa4: ProductName: Microsoft® Windows® Operating System
20929b4.2aa4: ProductVersion: 10.0.14393.1198
21029b4.2aa4: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353)
21129b4.2aa4: FileDescription: Windows NT BASE API Client DLL
21229b4.2aa4: \SystemRoot\System32\KernelBase.dll:
21329b4.2aa4: CreationTime: 2017-07-10T08:09:18.624188600Z
21429b4.2aa4: LastWriteTime: 2017-06-03T10:09:08.071687200Z
21529b4.2aa4: ChangeTime: 2017-07-10T08:45:04.339445700Z
21629b4.2aa4: FileAttributes: 0x20
21729b4.2aa4: Size: 0x21c780
21829b4.2aa4: NT Headers: 0xf8
21929b4.2aa4: Timestamp: 0x59327897
22029b4.2aa4: Machine: 0x8664 - amd64
22129b4.2aa4: Timestamp: 0x59327897
22229b4.2aa4: Image Version: 10.0
22329b4.2aa4: SizeOfImage: 0x21d000 (2215936)
22429b4.2aa4: Resource Dir: 0x201000 LB 0x550
22529b4.2aa4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
22629b4.2aa4: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0 (reserved 0x0)]
22729b4.2aa4: ProductName: Microsoft® Windows® Operating System
22829b4.2aa4: ProductVersion: 10.0.14393.1358
22929b4.2aa4: FileVersion: 10.0.14393.1358 (rs1_release.170602-2252)
23029b4.2aa4: FileDescription: Windows NT BASE API Client DLL
23129b4.2aa4: \SystemRoot\System32\apisetschema.dll:
23229b4.2aa4: CreationTime: 2016-07-16T11:42:21.577586000Z
23329b4.2aa4: LastWriteTime: 2016-07-16T11:42:21.577586000Z
23429b4.2aa4: ChangeTime: 2017-07-07T12:46:31.125620800Z
23529b4.2aa4: FileAttributes: 0x20
23629b4.2aa4: Size: 0x18960
23729b4.2aa4: NT Headers: 0xc8
23829b4.2aa4: Timestamp: 0x57899bd2
23929b4.2aa4: Machine: 0x8664 - amd64
24029b4.2aa4: Timestamp: 0x57899bd2
24129b4.2aa4: Image Version: 10.0
24229b4.2aa4: SizeOfImage: 0x19000 (102400)
24329b4.2aa4: Resource Dir: 0x18000 LB 0x400
24429b4.2aa4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
24529b4.2aa4: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0 (reserved 0x0)]
24629b4.2aa4: ProductName: Microsoft® Windows® Operating System
24729b4.2aa4: ProductVersion: 10.0.14393.0
24829b4.2aa4: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
24929b4.2aa4: FileDescription: ApiSet Schema DLL
25029b4.2aa4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
25129b4.2aa4: supR3HardenedWinFindAdversaries: 0x0
25229b4.2aa4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
25329b4.2aa4: Calling main()
25429b4.2aa4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
25529b4.2aa4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
25629b4.2aa4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
25729b4.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
25829b4.2aa4: SUPR3HardenedMain: Respawn #2
25929b4.2aa4: supR3HardNtEnableThreadCreation:
26029b4.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26129b4.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
26229b4.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
26329b4.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
26429b4.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
26529b4.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26629b4.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26729b4.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
26829b4.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
26929b4.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
27029b4.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
27129b4.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
27229b4.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
27329b4.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
27429b4.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27529b4.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27629b4.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
27729b4.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
27829b4.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27929b4.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28029b4.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
28129b4.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
28229b4.2aa4: supR3HardenedDllNotificationCallback: load 00007ff9b16b0000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
28329b4.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
28429b4.2aa4: supR3HardenedDllNotificationCallback: load 00007ff9aed20000 LB 0x00121000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
28529b4.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
28629b4.2aa4: supR3HardenedDllNotificationCallback: load 00007ff9af830000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
28729b4.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
28829b4.2aa4: supR3HardenedDllNotificationCallback: load 00007ff9b15d0000 LB 0x000a2000 C:\WINDOWS\System32\ADVAPI32.DLL [fFlags=0x0]
28929b4.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
29029b4.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b15d0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
29129b4.2aa4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9b1809fa0 pvNtTerminateThread=00007ff9b1836b20
29229b4.2aa4: supR3HardenedWinDoReSpawn(2): New child 1f24.1864 [kernel32].
29329b4.2aa4: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
29429b4.2aa4: supR3HardNtChildGatherData: PebBaseAddress=000000000059d000 cbPeb=0x388
29529b4.2aa4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9b1790000 uNtDllChildAddr=00007ff9b1790000
29629b4.2aa4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9b1809fa0
29729b4.2aa4: supR3HardenedWinSetupChildInit: Start child.
29829b4.2aa4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
29929b4.2aa4: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 31 sleeps
30029b4.2aa4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
30129b4.2aa4: *0000000000000000-000000000023ffff 0x0001/0x0000 0x0000000
30229b4.2aa4: *0000000000240000-000000000025ffff 0x0004/0x0004 0x0020000
30329b4.2aa4: *0000000000260000-0000000000275fff 0x0002/0x0002 0x0040000
30429b4.2aa4: 0000000000276000-000000000027ffff 0x0001/0x0000 0x0000000
30529b4.2aa4: *0000000000280000-000000000037afff 0x0000/0x0004 0x0020000
30629b4.2aa4: 000000000037b000-000000000037dfff 0x0104/0x0004 0x0020000
30729b4.2aa4: 000000000037e000-000000000037ffff 0x0004/0x0004 0x0020000
30829b4.2aa4: *0000000000380000-0000000000383fff 0x0002/0x0002 0x0040000
30929b4.2aa4: 0000000000384000-000000000038ffff 0x0001/0x0000 0x0000000
31029b4.2aa4: *0000000000390000-0000000000391fff 0x0004/0x0004 0x0020000
31129b4.2aa4: 0000000000392000-00000000003fffff 0x0001/0x0000 0x0000000
31229b4.2aa4: *0000000000400000-000000000059cfff 0x0000/0x0004 0x0020000
31329b4.2aa4: 000000000059d000-000000000059ffff 0x0004/0x0004 0x0020000
31429b4.2aa4: 00000000005a0000-00000000005fffff 0x0000/0x0004 0x0020000
31529b4.2aa4: 0000000000600000-000000007ffdffff 0x0001/0x0000 0x0000000
31629b4.2aa4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
31729b4.2aa4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
31829b4.2aa4: 000000007fff0000-00007ff766f9ffff 0x0001/0x0000 0x0000000
31929b4.2aa4: *00007ff766fa0000-00007ff766fc2fff 0x0002/0x0002 0x0040000
32029b4.2aa4: 00007ff766fc3000-00007ff7678cffff 0x0001/0x0000 0x0000000
32129b4.2aa4: *00007ff7678d0000-00007ff7678d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
32229b4.2aa4: 00007ff7678d1000-00007ff767940fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
32329b4.2aa4: 00007ff767941000-00007ff767941fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
32429b4.2aa4: 00007ff767942000-00007ff767986fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
32529b4.2aa4: 00007ff767987000-00007ff767987fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
32629b4.2aa4: 00007ff767988000-00007ff767988fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
32729b4.2aa4: 00007ff767989000-00007ff76798dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
32829b4.2aa4: 00007ff76798e000-00007ff76798efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
32929b4.2aa4: 00007ff76798f000-00007ff76798ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
33029b4.2aa4: 00007ff767990000-00007ff767993fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
33129b4.2aa4: 00007ff767994000-00007ff7679dbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
33229b4.2aa4: 00007ff7679dc000-00007ff9b178ffff 0x0001/0x0000 0x0000000
33329b4.2aa4: *00007ff9b1790000-00007ff9b1790fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
33429b4.2aa4: 00007ff9b1791000-00007ff9b1897fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
33529b4.2aa4: 00007ff9b1898000-00007ff9b18dbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
33629b4.2aa4: 00007ff9b18dc000-00007ff9b18e4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
33729b4.2aa4: 00007ff9b18e5000-00007ff9b18f2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
33829b4.2aa4: 00007ff9b18f3000-00007ff9b18f3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
33929b4.2aa4: 00007ff9b18f4000-00007ff9b18f6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
34029b4.2aa4: 00007ff9b18f7000-00007ff9b1960fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
34129b4.2aa4: 00007ff9b1961000-00007ffffffdffff 0x0001/0x0000 0x0000000
34229b4.2aa4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
34329b4.2aa4: VirtualBox.exe: timestamp 0x595b6ed5 (rc=VINF_SUCCESS)
34429b4.2aa4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
34529b4.2aa4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
34629b4.2aa4: supR3HardNtChildPurify: Done after 312 ms and 0 fixes (loop #0).
34729b4.2aa4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001000000 LB 0x400000)
34829b4.2aa4: supR3HardNtEnableThreadCreation:
3491f24.1864: Log file opened: 5.1.23r116680 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0383900
3501f24.1864: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9b1790000 g_uNtVerCombined=0xa0383900
3511f24.1864: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS)
3521f24.1864: New simple heap: #1 0000000000700000 LB 0x400000 (for 1904640 allocation)
3531f24.1864: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3541f24.1864: System32: \Device\HarddiskVolume4\Windows\System32
3551f24.1864: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
3561f24.1864: KnownDllPath: C:\WINDOWS\System32
3571f24.1864: supR3HardenedVmProcessInit: Opening vboxdrv...
3581f24.1864: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3591f24.1864: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3601f24.1864: Registered Dll notification callback with NTDLL.
3611f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
3621f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
3631f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3641f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9adc90000 LB 0x0021d000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
3651f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
3661f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
3671f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9b1050000 LB 0x000ac000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
3681f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3691f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b1050000 'C:\WINDOWS\System32\KERNEL32.DLL'
3701f24.1864: supR3HardenedDllNotificationCallback: load 00007ff7678d0000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
3711f24.1864: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3721f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3731f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3741f24.1864: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9b1809fa0 pvNtTerminateThread=00007ff9b1836b20
37529b4.2aa4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 65 ms.
3761f24.1864: \SystemRoot\System32\ntdll.dll:
3771f24.1864: CreationTime: 2017-06-12T22:49:15.942221900Z
3781f24.1864: LastWriteTime: 2017-06-12T22:49:15.958104200Z
3791f24.1864: ChangeTime: 2017-07-10T08:26:33.453610000Z
3801f24.1864: FileAttributes: 0x20
3811f24.1864: Size: 0x1cc888
3821f24.1864: NT Headers: 0xd8
3831f24.1864: Timestamp: 0x5825887f
3841f24.1864: Machine: 0x8664 - amd64
3851f24.1864: Timestamp: 0x5825887f
3861f24.1864: Image Version: 10.0
3871f24.1864: SizeOfImage: 0x1d1000 (1904640)
3881f24.1864: Resource Dir: 0x168000 LB 0x67988
3891f24.1864: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3901f24.1864: [Raw version resource data: 0x1680f0 LB 0x388, codepage 0x0 (reserved 0x0)]
3911f24.1864: ProductName: Microsoft® Windows® Operating System
3921f24.1864: ProductVersion: 10.0.14393.479
3931f24.1864: FileVersion: 10.0.14393.479 (rs1_release.161110-2025)
3941f24.1864: FileDescription: NT Layer DLL
3951f24.1864: \SystemRoot\System32\kernel32.dll:
3961f24.1864: CreationTime: 2017-06-12T16:06:05.224379100Z
3971f24.1864: LastWriteTime: 2017-04-28T00:49:43.332433600Z
3981f24.1864: ChangeTime: 2017-07-10T08:26:30.910754100Z
3991f24.1864: FileAttributes: 0x20
4001f24.1864: Size: 0xab208
4011f24.1864: NT Headers: 0xf0
4021f24.1864: Timestamp: 0x59028368
4031f24.1864: Machine: 0x8664 - amd64
4041f24.1864: Timestamp: 0x59028368
4051f24.1864: Image Version: 10.0
4061f24.1864: SizeOfImage: 0xac000 (704512)
4071f24.1864: Resource Dir: 0xaa000 LB 0x530
4081f24.1864: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4091f24.1864: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)]
4101f24.1864: ProductName: Microsoft® Windows® Operating System
4111f24.1864: ProductVersion: 10.0.14393.1198
4121f24.1864: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353)
4131f24.1864: FileDescription: Windows NT BASE API Client DLL
4141f24.1864: \SystemRoot\System32\KernelBase.dll:
4151f24.1864: CreationTime: 2017-07-10T08:09:18.624188600Z
4161f24.1864: LastWriteTime: 2017-06-03T10:09:08.071687200Z
4171f24.1864: ChangeTime: 2017-07-10T08:45:04.339445700Z
4181f24.1864: FileAttributes: 0x20
4191f24.1864: Size: 0x21c780
4201f24.1864: NT Headers: 0xf8
4211f24.1864: Timestamp: 0x59327897
4221f24.1864: Machine: 0x8664 - amd64
4231f24.1864: Timestamp: 0x59327897
4241f24.1864: Image Version: 10.0
4251f24.1864: SizeOfImage: 0x21d000 (2215936)
4261f24.1864: Resource Dir: 0x201000 LB 0x550
4271f24.1864: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4281f24.1864: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0 (reserved 0x0)]
4291f24.1864: ProductName: Microsoft® Windows® Operating System
4301f24.1864: ProductVersion: 10.0.14393.1358
4311f24.1864: FileVersion: 10.0.14393.1358 (rs1_release.170602-2252)
4321f24.1864: FileDescription: Windows NT BASE API Client DLL
4331f24.1864: \SystemRoot\System32\apisetschema.dll:
4341f24.1864: CreationTime: 2016-07-16T11:42:21.577586000Z
4351f24.1864: LastWriteTime: 2016-07-16T11:42:21.577586000Z
4361f24.1864: ChangeTime: 2017-07-07T12:46:31.125620800Z
4371f24.1864: FileAttributes: 0x20
4381f24.1864: Size: 0x18960
4391f24.1864: NT Headers: 0xc8
4401f24.1864: Timestamp: 0x57899bd2
4411f24.1864: Machine: 0x8664 - amd64
4421f24.1864: Timestamp: 0x57899bd2
4431f24.1864: Image Version: 10.0
4441f24.1864: SizeOfImage: 0x19000 (102400)
4451f24.1864: Resource Dir: 0x18000 LB 0x400
4461f24.1864: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4471f24.1864: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0 (reserved 0x0)]
4481f24.1864: ProductName: Microsoft® Windows® Operating System
4491f24.1864: ProductVersion: 10.0.14393.0
4501f24.1864: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
4511f24.1864: FileDescription: ApiSet Schema DLL
4521f24.1864: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4531f24.1864: supR3HardenedWinFindAdversaries: 0x0
4541f24.1864: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4551f24.1864: Calling main()
4561f24.1864: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4571f24.1864: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4581f24.1864: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4591f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4601f24.1864: SUPR3HardenedMain: Final process, opening VBoxDrv...
4611f24.1864: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000700000 LB 0x400000)
4621f24.1864: supR3HardNtEnableThreadCreation:
4631f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
4641f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
4651f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4661f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4671f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9ab160000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
4681f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4691f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4701f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4711f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ab160000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4721f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4731f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4741f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ab160000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4751f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ab160000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4761f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4771f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
4781f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
4791f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
4801f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
4811f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
4821f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4831f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4841f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
4851f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
4861f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
4871f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
4881f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'.
4891f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
4901f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
4911f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4921f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4931f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
4941f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
4951f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4961f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4971f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
4981f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
4991f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
5001f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
5011f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
5021f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5031f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9b16b0000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
5041f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5051f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9adc50000 LB 0x00010000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
5061f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
5071f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9aec20000 LB 0x000f5000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
5081f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
5091f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
5101f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9ae780000 LB 0x001c9000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
5111f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5121f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9aed20000 LB 0x00121000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
5131f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5141f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9ae950000 LB 0x00055000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
5151f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5161f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5171f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9adc90000 'api-ms-win-core-synch-l1-2-0'
5181f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5191f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9adc90000 'api-ms-win-core-fibers-l1-1-1'
5201f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5211f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9adc90000 'api-ms-win-core-fibers-l1-1-1'
5221f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5231f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9adc90000 'api-ms-win-core-synch-l1-2-0'
5241f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5251f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9adc90000 'api-ms-win-core-localization-l1-2-1'
5261f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae950000 'C:\WINDOWS\system32\Wintrust.dll'
5271f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
5281f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
5291f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5301f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5311f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9ad830000 LB 0x0002b000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
5321f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5331f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ad830000 'C:\WINDOWS\system32\bcrypt.dll'
5341f24.1864: bcrypt.dll loaded at 00007ff9ad830000, BCryptOpenAlgorithmProvider at 00007ff9ad834260, preloading providers:
5351f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
5361f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
5371f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5381f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9adeb0000 LB 0x0006a000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
5391f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5401f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9adeb0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
5411f24.1864: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000c8df40)
5421f24.1864: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000c8ed60)
5431f24.1864: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000c8f030)
5441f24.1864: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000c8f300)
5451f24.1864: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000c8fde0)
5461f24.1864: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000c900b0)
5471f24.1864: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000c90380)
5481f24.1864: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000c90650)
5491f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5501f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5511f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae950000 'C:\Windows\System32\WINTRUST.DLL'
5521f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5531f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5541f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae950000 'C:\Windows\System32\WINTRUST.DLL'
5551f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5561f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5571f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae950000 'C:\Windows\System32\WINTRUST.DLL'
5581f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5591f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5601f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae950000 'C:\Windows\System32\WINTRUST.DLL'
5611f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5621f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5631f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae950000 'C:\Windows\System32\WINTRUST.DLL'
5641f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5651f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5661f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae950000 'C:\Windows\System32\WINTRUST.DLL'
5671f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5681f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5691f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae950000 'C:\Windows\System32\WINTRUST.DLL'
5701f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
5711f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
5721f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9ad810000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
5731f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
5741f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
5751f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
5761f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
5771f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5781f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5791f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5801f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5811f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5821f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9ace00000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
5831f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5841f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
5851f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
5861f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
5871f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
5881f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9ad3a0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
5891f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5901f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5911f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
5921f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
5931f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5941f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5951f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b1050000 'C:\WINDOWS\System32\kernel32.dll'
5961f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5971f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae950000 'C:\Windows\System32\WINTRUST.DLL'
5981f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5991f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6001f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\CRYPT32.dll'
6011f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9b1490000 LB 0x0001c000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
6021f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
6031f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
6041f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6051f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6061f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
6071f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9af830000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
6081f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
6091f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
6101f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
6111f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6121f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
6131f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
6141f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
6151f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9ac110000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
6161f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
6171f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9adc60000 LB 0x00014000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
6181f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
6191f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
6201f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6211f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
6221f24.1864: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
6231f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
6241f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6251f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6261f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6271f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6281f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6291f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6301f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6311f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6321f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6331f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6341f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6351f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6361f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6371f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6381f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6391f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6401f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6411f24.1864: supR3HardenedDllNotificationCallback: load 00007ff985520000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
6421f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6431f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6441f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6451f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985520000 'C:\WINDOWS\System32\cryptnet.dll'
6461f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6471f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6481f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985520000 'C:\WINDOWS\System32\cryptnet.dll'
6491f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6501f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6511f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985520000 'C:\WINDOWS\System32\cryptnet.dll'
6521f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6531f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6541f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985520000 'C:\WINDOWS\System32\cryptnet.dll'
6551f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6561f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6571f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985520000 'C:\WINDOWS\System32\cryptnet.dll'
6581f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6591f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6601f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985520000 'C:\WINDOWS\System32\cryptnet.dll'
6611f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6621f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985520000 'C:\WINDOWS\System32\cryptnet.dll'
6631f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6641f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985520000 'C:\WINDOWS\System32\cryptnet.dll'
6651f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6661f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985520000 'C:\WINDOWS\System32\cryptnet.dll'
6671f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6681f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985520000 'C:\WINDOWS\System32\cryptnet.dll'
6691f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6701f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985520000 'C:\WINDOWS\System32\cryptnet.dll'
6711f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985520000 'C:\WINDOWS\System32\cryptnet.dll'
6721f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6731f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985520000 'C:\Windows\System32\cryptnet.dll'
6741f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9b15d0000 LB 0x000a2000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
6751f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6761f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
6771f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
6781f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
6791f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
6801f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6811f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6821f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6831f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6841f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
6851f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
6861f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
6871f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6881f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6891f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6901f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6911f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
6921f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6931f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6941f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
6951f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
6961f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000c870d0
6971f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c870d0
6981f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F0CC1880DEF521CFB586B70171713A785823BD2
6991f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7001f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7011f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9aed20000 'C:\WINDOWS\System32\rpcrt4.dll'
7021f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7031f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae950000 'C:\Windows\System32\WINTRUST.DLL'
7041f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7051f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae950000 'C:\Windows\System32\WINTRUST.DLL'
7061f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7071f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae950000 'C:\Windows\System32\WINTRUST.DLL'
7081f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7091f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae950000 'C:\Windows\System32\WINTRUST.DLL'
7101f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7111f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae950000 'C:\Windows\System32\WINTRUST.DLL'
7121f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7131f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae950000 'C:\Windows\System32\WINTRUST.DLL'
7141f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7151f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7161f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae950000 'C:\Windows\System32\WINTRUST.DLL'
7171f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7181f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7191f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
7201f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7211f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7221f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
7231f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5702_for_KB4019472~31bf3856ad364e35~amd64~~10.0.1.6.cat'; file='\SystemRoot\System32\ntdll.dll'
7241f24.1864: g_pfnWinVerifyTrust=00007ff9ae957ff0
7251f24.1864: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
7261f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7271f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7281f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
7291f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7301f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7311f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
7321f24.1864: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
7331f24.1864: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
7341f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7351f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7361f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
7371f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
7381f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7391f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
7401f24.1864: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
7411f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7421f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7431f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
7441f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
7451f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
7461f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
7471f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c870d0
7481f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c870d0
7491f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2887B283709E29E7E5AD7830D0E43D33DF9C9C9B
7501f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7511f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
7521f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
7531f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
7541f24.1864: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
7551f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
7561f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7571f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
7581f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
7591f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
7601f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7611f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
7621f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
7631f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
7641f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7651f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
7661f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
7671f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
7681f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7691f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
7701f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
7711f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
7721f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7731f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
7741f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
7751f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
7761f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7771f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
7781f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
7791f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7801f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
7811f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
7821f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
7831f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7841f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
7851f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
7861f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
7871f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
7881f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
7891f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
7901f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
7911f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
7921f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
7931f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
7941f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
7951f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
7961f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
7971f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
7981f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
7991f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
8001f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
8011f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
8021f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
8031f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
8041f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
8051f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
8061f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
8071f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
8081f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
8091f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
8101f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
8111f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
8121f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
8131f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
8141f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
8151f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\system32\crypt32.dll'
8161f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
8171f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
8181f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
8191f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
8201f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
8211f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
8221f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
8231f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
8241f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
8251f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
8261f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
8271f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
8281f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
8291f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
8301f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
8311f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
8321f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
8331f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
8341f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
8351f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
8361f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
8371f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
8381f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
8391f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
8401f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
8411f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
8421f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
8431f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
8441f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
8451f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
8461f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
8471f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
8481f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
8491f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
8501f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
8511f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
8521f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
8531f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
8541f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
8551f24.1864: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
8561f24.1864: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=40
8571f24.1864: SUPR3HardenedMain: Load Runtime...
8581f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
8591f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8601f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
8611f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
8621f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
8631f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
8641f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8651f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8661f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8671f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
8681f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
8691f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
8701f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
8711f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
8721f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
8731f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
8741f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
8751f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
8761f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
8771f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8781f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8791f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
8801f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
8811f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8821f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
8831f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
8841f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8851f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8861f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8871f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8881f24.1864: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8891f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
8901f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
8911f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
8921f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
8931f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
8941f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8951f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8961f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
8971f24.1864: supR3HardenedDllNotificationCallback: load 0000000077270000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
8981f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8991f24.1864: supR3HardenedDllNotificationCallback: load 00000000771d0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
9001f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
9011f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9af900000 LB 0x0006a000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
9021f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
9031f24.1864: supR3HardenedDllNotificationCallback: load 00007ff977690000 LB 0x0053f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
9041f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9051f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
9061f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
9071f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9081f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9091f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9101f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9111f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9121f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9131f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9141f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9151f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9161f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9171f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9181f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9191f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9201f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9211f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9221f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9231f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9241f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9251f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9261f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9271f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9281f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9291f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9301f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9311f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9321f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9331f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9341f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9351f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9361f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9371f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9381f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9391f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9401f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9411f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9421f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9431f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9441f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9451f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9461f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9471f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9481f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9491f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9501f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9511f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9521f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9531f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9541f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9551f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff977690000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9561f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae950000 'C:\WINDOWS\system32\Wintrust.dll'
9571f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
9581f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
9591f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
9601f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9611f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
9621f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
9631f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\system32\crypt32.dll'
9641f24.1864: SUPR3HardenedMain: Load TrustedMain...
9651f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
9661f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
9671f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
9681f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
9691f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
9701f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
9711f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
9721f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
9731f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
9741f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
9751f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
9761f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
9771f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
9781f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
9791f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
9801f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
9811f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
9821f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
9831f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
9841f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
9851f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
9861f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
9871f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
9881f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
9891f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
9901f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
9911f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
9921f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
9931f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9941f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9951f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
9961f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
9971f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
9981f24.1864: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
9991f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10001f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
10011f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
10021f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10031f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10041f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
10051f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
10061f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
10071f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10081f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
10091f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
10101f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
10111f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
10121f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
10131f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
10141f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
10151f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
10161f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10171f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10181f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
10191f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
10201f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
10211f24.1864: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
10221f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
10231f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'bcryptprimitives.dll'.
10241f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
10251f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
10261f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
10271f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
10281f24.1864: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
10291f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
10301f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
10311f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
10321f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
10331f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
10341f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10351f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10361f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
10371f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
10381f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
10391f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
10401f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
10411f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'combase.dll'.
10421f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
10431f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
10441f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
10451f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
10461f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
10471f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
10481f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
10491f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10501f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10511f24.1864: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
10521f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
10531f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
10541f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
10551f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
10561f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10571f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10581f24.1864: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
10591f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
10601f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
10611f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10621f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10631f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10641f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10651f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10661f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
10671f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
10681f24.1864: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
10691f24.1864: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
10701f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
10711f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
10721f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
10731f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
10741f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10751f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'user32.dll'.
10761f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #68 'gdi32.dll'.
10771f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll) WinVerifyTrust
10781f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
10791f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
10801f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
10811f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
10821f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10831f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10841f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
10851f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10861f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10871f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10881f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10891f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10901f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
10911f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10921f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10931f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
10941f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
10951f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
10961f24.1864: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
10971f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
10981f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
10991f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
11001f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
11011f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
11021f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
11031f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
11041f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
11051f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
11061f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
11071f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
11081f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11091f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11101f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11111f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11121f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11131f24.1864: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
11141f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
11151f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
11161f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
11171f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
11181f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
11191f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
11201f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
11211f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
11221f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
11231f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
11241f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
11251f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
11261f24.1864: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
11271f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
11281f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
11291f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
11301f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
11311f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
11321f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
11331f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
11341f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
11351f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
11361f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
11371f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
11381f24.1864: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
11391f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
11401f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
11411f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
11421f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
11431f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
11441f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
11451f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
11461f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
11471f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
11481f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11491f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11501f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11511f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11521f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11531f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
11541f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11551f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11561f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
11571f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11581f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11591f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
11601f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
11611f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
11621f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
11631f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11641f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11651f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
11661f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11671f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11681f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11691f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11701f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11711f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11721f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11731f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11741f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
11751f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11761f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11771f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
11781f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11791f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11801f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
11811f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11821f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11831f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11841f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
11851f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
11861f24.1864: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
11871f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11881f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
11891f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
11901f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
11911f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
11921f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
11931f24.1864: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
11941f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
11951f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11961f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11971f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
11981f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11991f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12001f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12011f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12021f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12031f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
12041f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
12051f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
12061f24.1864: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
12071f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll)
12081f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll
12091f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
12101f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
12111f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
12121f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12131f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12141f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
12151f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12161f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12171f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
12181f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
12191f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
12201f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
12211f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12221f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12231f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
12241f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12251f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12261f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
12271f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
12281f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
12291f24.1864: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
12301f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12311f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
12321f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
12331f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'dciman32.dll'.
12341f24.1864: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\ddraw.dll)
12351f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ddraw.dll
12361f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
12371f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
12381f24.1864: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
12391f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12401f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
12411f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
12421f24.1864: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
12431f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
12441f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12451f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12461f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12471f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12481f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12491f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
12501f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12511f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12521f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
12531f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12541f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12551f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
12561f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
12571f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
12581f24.1864: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
12591f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12601f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12611f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
12621f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
12631f24.1864: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
12641f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12651f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
12661f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
12671f24.1864: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dciman32.dll)
12681f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dciman32.dll
12691f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12701f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12711f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12721f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12731f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12741f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
12751f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12761f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12771f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12781f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12791f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12801f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12811f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12821f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12831f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12841f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
12851f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
12861f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
12871f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
12881f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
12891f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
12901f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
12911f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
12921f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
12931f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
12941f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
12951f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
12961f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
12971f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
12981f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12991f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13001f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
13011f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
13021f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
13031f24.1864: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
13041f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13051f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
13061f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'shlwapi.dll'.
13071f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
13081f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'comctl32.dll'.
13091f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'shell32.dll'.
13101f24.1864: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\comdlg32.dll)
13111f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
13121f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
13131f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
13141f24.1864: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
13151f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13161f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'.
13171f24.1864: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\winspool.drv)
13181f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv
13191f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13201f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13211f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
13221f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13231f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13241f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
13251f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13261f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13271f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
13281f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13291f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13301f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13311f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13321f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13331f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
13341f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
13351f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
13361f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13371f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13381f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13391f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13401f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
13411f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
13421f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
13431f24.1864: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
13441f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
13451f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
13461f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
13471f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll)
13481f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll
13491f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13501f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13511f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13521f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
13531f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
13541f24.1864: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
13551f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13561f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
13571f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
13581f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
13591f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
13601f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13611f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13621f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13631f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13641f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13651f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13661f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13671f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13681f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13691f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13701f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13711f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13721f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13731f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13741f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13751f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13761f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13771f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13781f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
13791f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
13801f24.1864: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
13811f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13821f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13831f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
13841f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
13851f24.1864: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
13861f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13871f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13881f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
13891f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
13901f24.1864: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
13911f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13921f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13931f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
13941f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
13951f24.1864: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
13961f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13971f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13981f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
13991f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
14001f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
14011f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14021f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14031f24.1864: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
14041f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000480 pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
14051f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c870d0
14061f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c870d0
14071f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3ABE9A0F560416C701B358C7A044A7ADA2496E52
14081f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
14091f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
14101f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
14111f24.1864: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14121f24.1864: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
14131f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
14141f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
14151f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
14161f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
14171f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
14181f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14191f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
14201f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
14211f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
14221f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14231f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
14241f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
14251f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
14261f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
14271f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
14281f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
14291f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\comctl32.dll)
14301f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\comctl32.dll
14311f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
14321f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
14331f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9aea60000 LB 0x0001e000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
14341f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
14351f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9b1310000 LB 0x00165000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
14361f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9adf20000 LB 0x00180000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
14371f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'gdi32.dll'.
14381f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
14391f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'win32u.dll'.
14401f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
14411f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
14421f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9b1750000 LB 0x00034000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
14431f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
14441f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9935a0000 LB 0x00008000 C:\WINDOWS\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
14451f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
14461f24.1864: supR3HardenedDllNotificationCallback: load 00007ff98edc0000 LB 0x000f7000 C:\WINDOWS\SYSTEM32\DDRAW.dll [fFlags=0x0]
14471f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
14481f24.1864: supR3HardenedDllNotificationCallback: load 00007ff98f690000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
14491f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14501f24.1864: supR3HardenedDllNotificationCallback: load 00007ff98f1b0000 LB 0x00123000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
14511f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
14521f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9aeb30000 LB 0x00042000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
14531f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
14541f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
14551f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9af420000 LB 0x002c8000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
14561f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
14571f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9adc00000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
14581f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
14591f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
14601f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
14611f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9b0e90000 LB 0x00052000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
14621f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
14631f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9adc80000 LB 0x0000f000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
14641f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
14651f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
14661f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
14671f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
14681f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9ae9b0000 LB 0x000a9000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
14691f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14701f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
14711f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'.
14721f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
14731f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
14741f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9ae0a0000 LB 0x006da000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
14751f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14761f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
14771f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'combase.dll'.
14781f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'profapi.dll'.
14791f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
14801f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
14811f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9af980000 LB 0x01508000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
14821f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
14831f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9af6f0000 LB 0x00138000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
14841f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
14851f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9ac390000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
14861f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
14871f24.1864: supR3HardenedDllNotificationCallback: load 0000000076c60000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
14881f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
14891f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9767a0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
14901f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
14911f24.1864: supR3HardenedDllNotificationCallback: load 00000000766f0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
14921f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14931f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9a7320000 LB 0x00086000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
14941f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
14951f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9a3350000 LB 0x000ac000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\COMCTL32.dll [fFlags=0x0]
14961f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\comctl32.dll [avoiding WinVerifyTrust]
14971f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9af280000 LB 0x000fa000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
14981f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
14991f24.1864: supR3HardenedDllNotificationCallback: load 00007ff99b6d0000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
15001f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
15011f24.1864: supR3HardenedDllNotificationCallback: load 0000000076690000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
15021f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
15031f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9aeb80000 LB 0x0009c000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
15041f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
15051f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9b1510000 LB 0x000bf000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
15061f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
15071f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9ab6e0000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
15081f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
15091f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9ab710000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
15101f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
15111f24.1864: supR3HardenedDllNotificationCallback: load 00007ff976da0000 LB 0x008ea000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
15121f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
15131f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
15141f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
15151f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
15161f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
15171f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
15181f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
15191f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
15201f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
15211f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
15221f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
15231f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
15241f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
15251f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\comctl32.dll'.
15261f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\comctl32.dll' [rescheduled]
15271f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
15281f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
15291f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
15301f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
15311f24.1864: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
15321f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
15331f24.1864: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
15341f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
15351f24.1864: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
15361f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rescheduled]
15371f24.1864: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
15381f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
15391f24.1864: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
15401f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rescheduled]
15411f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
15421f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
15431f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
15441f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
15451f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
15461f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
15471f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
15481f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
15491f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
15501f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
15511f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
15521f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
15531f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
15541f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
15551f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'win32u.dll'.
15561f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
15571f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
15581f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
15591f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
15601f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
15611f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
15621f24.1864: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
15631f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15641f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15651f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
15661f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
15671f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
15681f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15691f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15701f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
15711f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
15721f24.1864: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
15731f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15741f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15751f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15761f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15771f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15781f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15791f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
15801f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
15811f24.1864: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
15821f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15831f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15841f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15851f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15861f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
15871f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15881f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15891f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15901f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15911f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15921f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15931f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
15941f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
15951f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
15961f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
15971f24.1864: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
15981f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15991f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16001f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
16011f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16021f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16031f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
16041f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
16051f24.1864: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
16061f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16071f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16081f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16091f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16101f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
16111f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
16121f24.1864: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
16131f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16141f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16151f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
16161f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
16171f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9b1680000 LB 0x0002e000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
16181f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
16191f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b1680000 'C:\WINDOWS\system32\IMM32.DLL'
16201f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
16211f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
16221f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
16231f24.1864: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
16241f24.1864: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\imm32.dll
16251f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16261f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b1680000 'C:\WINDOWS\System32\imm32.dll'
16271f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
16281f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16291f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b1050000 'C:\WINDOWS\System32\kernel32.dll'
16301f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16311f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9adc90000 'api-ms-win-core-string-l1-1-0'
16321f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16331f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9adc90000 'api-ms-win-core-datetime-l1-1-1'
16341f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16351f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9adc90000 'api-ms-win-core-localization-obsolete-l1-2-0'
16361f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
16371f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16381f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b15d0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
16391f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff976da0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
16401f24.1864: SUPR3HardenedMain: Calling TrustedMain (00007ff976da1610)...
16411f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
16421f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
16431f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
16441f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
16451f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
16461f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
16471f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
16481f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
16491f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
16501f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
16511f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
16521f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
16531f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
16541f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
16551f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16561f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16571f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16581f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16591f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16601f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16611f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16621f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16631f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16641f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16651f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
16661f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16671f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16681f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
16691f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16701f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16711f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
16721f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
16731f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
16741f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
16751f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
16761f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
16771f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
16781f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
16791f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
16801f24.1864: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
16811f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16821f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16831f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16841f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16851f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
16861f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16871f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16881f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
16891f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
16901f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
16911f24.1864: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
16921f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16931f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
16941f24.1864: supR3HardenedDllNotificationCallback: load 00007ff97a700000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
16951f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
16961f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97a700000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
16971f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000065c pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
16981f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c870d0
16991f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c870d0
17001f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5062D9B170D174E6DFFCD301D2C820A76C92F7CA
17011f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
17021f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
17031f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
17041f24.1864: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17051f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17061f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
17071f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
17081f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
17091f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
17101f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17111f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17121f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17131f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17141f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
17151f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17161f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17171f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17181f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
17191f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9ab950000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
17201f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
17211f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ab950000 'C:\WINDOWS\system32\uxtheme.dll'
17221f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b1310000 'C:\WINDOWS\system32\user32.dll'
17231f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
17241f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17251f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9af980000 'C:\WINDOWS\system32\shell32.dll'
17261f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
17271f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
17281f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
17291f24.1864: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
17301f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17311f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae9b0000 'C:\WINDOWS\system32\SHCore.dll'
17321f24.1864: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
17331f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17341f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
17351f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17361f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'win32u.dll'.
17371f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'user32.dll'.
17381f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'gdi32.dll'.
17391f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)
17401f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
17411f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9ab1f0000 LB 0x00026000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
17421f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
17431f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17441f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17451f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17461f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17471f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
17481f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
17491f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
17501f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17511f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17521f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
17531f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
17541f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
17551f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
17561f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17571f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ab710000 'C:\WINDOWS\system32\winmm.dll'
17581f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
17591f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17601f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ab710000 'C:\WINDOWS\system32\winmm.dll'
17611f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
17621f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17631f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9af980000 'C:\WINDOWS\system32\shell32.dll'
17641f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
17651f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17661f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ab950000 'C:\WINDOWS\system32\uxtheme.dll'
17671f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
17681f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17691f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b15d0000 'C:\WINDOWS\system32\advapi32.dll'
17701f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
17711f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
17721f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
17731f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'profapi.dll'.
17741f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
17751f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
17761f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
17771f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
17781f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
17791f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17801f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17811f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17821f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
17831f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9ad070000 LB 0x0001f000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
17841f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
17851f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ad070000 'C:\WINDOWS\system32\userenv.dll'
17861f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
17871f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17881f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b1050000 'C:\WINDOWS\System32\kernel32.dll'
17891f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9af380000 LB 0x0009f000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
17901f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17911f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
17921f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
17931f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
17941f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17951f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17961f24.26e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
17971f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17981f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17991f24.26e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
18001f24.26e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
18011f24.26e8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
18021f24.26e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
18031f24.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18041f24.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
18051f24.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
18061f24.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
18071f24.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
18081f24.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
18091f24.26e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
18101f24.26e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
18111f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18121f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18131f24.26e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
18141f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18151f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18161f24.26e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
18171f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18181f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18191f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18201f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18211f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18221f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18231f24.26e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
18241f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18251f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18261f24.26e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
18271f24.26e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
18281f24.26e8: supR3HardenedDllNotificationCallback: load 00007ff9762a0000 LB 0x004f7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
18291f24.26e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
18301f24.26e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9762a0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
18311f24.26e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
18321f24.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18331f24.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
18341f24.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
18351f24.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
18361f24.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
18371f24.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
18381f24.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
18391f24.26e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
18401f24.26e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
18411f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18421f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18431f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18441f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18451f24.26e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
18461f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18471f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18481f24.26e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
18491f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
18501f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
18511f24.26e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
18521f24.26e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
18531f24.26e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
18541f24.26e8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
18551f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18561f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18571f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18581f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18591f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18601f24.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18611f24.26e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
18621f24.26e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
18631f24.26e8: supR3HardenedDllNotificationCallback: load 00007ff99b610000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
18641f24.26e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
18651f24.26e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff99b610000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
18661f24.26e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
18671f24.26e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
18681f24.26e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b1510000 'C:\Windows\System32\oleaut32.dll'
18691f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b1750000 'C:\WINDOWS\system32\gdi32.dll'
18701f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
18711f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18721f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9af980000 'C:\WINDOWS\system32\shell32.dll'
18731f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9b0ef0000 LB 0x0015a000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
18741f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18751f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
18761f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'user32.dll'.
18771f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
18781f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'imm32.dll'.
18791f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
18801f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
18811f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
18821f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
18831f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
18841f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18851f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18861f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18871f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18881f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18891f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18901f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
18911f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18921f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18931f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
18941f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
18951f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
18961f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009d8 pwszName=\Device\HarddiskVolume4\Windows\System32\DataExchange.dll
18971f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c870d0
18981f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c870d0
18991f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F41B1C1088B7141EC40BC3A829C8A08D763971F
19001f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
19011f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
19021f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1230_for_KB3200970~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\DataExchange.dll'
19031f24.1864: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19041f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19051f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
19061f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
19071f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
19081f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
19091f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) WinVerifyTrust
19101f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
19111f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
19121f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
19131f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
19141f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
19151f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
19161f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
19171f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) WinVerifyTrust
19181f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll
19191f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
19201f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
19211f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19221f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19231f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19241f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19251f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19261f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
19271f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
19281f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19291f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
19301f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'win32u.dll'.
19311f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll) WinVerifyTrust
19321f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll
19331f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
19341f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
19351f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
19361f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19371f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19381f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19391f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
19401f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
19411f24.1864: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'.
19421f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19431f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
19441f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll)
19451f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll
19461f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19471f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19481f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19491f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19501f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19511f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19521f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19531f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
19541f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
19551f24.1864: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
19561f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
19571f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
19581f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
19591f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19601f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19611f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
19621f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
19631f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
19641f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
19651f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
19661f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9ac290000 LB 0x0009f000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
19671f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
19681f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9a84b0000 LB 0x002b6000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
19691f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
19701f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9a8b20000 LB 0x00151000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
19711f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
19721f24.1864: supR3HardenedDllNotificationCallback: load 00007ff98f830000 LB 0x00049000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
19731f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
19741f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98f830000 'C:\WINDOWS\system32\dataexchange.dll'
19751f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
19761f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
19771f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'
19781f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19791f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
19801f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'.
19811f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
19821f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll)
19831f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll
19841f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9abc50000 LB 0x0011c000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
19851f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
19861f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
19871f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
19881f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
19891f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
19901f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
19911f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
19921f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19931f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19941f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19951f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19961f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
19971f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
19981f24.1864: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll'
19991f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll
20001f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20011f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b0ef0000 'C:\WINDOWS\System32\MSCTF.dll'
20021f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9af980000 'C:\WINDOWS\system32\shell32.dll'
20031f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9af980000 'C:\WINDOWS\system32\shell32.dll'
20041f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
20051f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20061f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ab1f0000 'C:\WINDOWS\system32\dwmapi.dll'
20071f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
20081f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20091f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ab950000 'C:\WINDOWS\system32\uxtheme.dll'
20101f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
20111f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20121f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ab1f0000 'C:\WINDOWS\system32\dwmapi.dll'
20131f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
20141f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20151f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9af6f0000 'C:\WINDOWS\System32\ole32.dll'
20161f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
20171f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20181f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b1510000 'C:\WINDOWS\System32\OLEAUT32.dll'
20191f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000998 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
20201f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c870d0
20211f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c870d0
20221f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A290917802D4CF47EA48D3329EF360233350A583
20231f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
20241f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20251f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
20261f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
20271f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
20281f24.1864: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20291f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20301f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
20311f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
20321f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
20331f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
20341f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
20351f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
20361f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a74 pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
20371f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c870d0
20381f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c870d0
20391f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9C43FEE2E561B2B0F306322C4D857AFC8E83D17B
20401f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
20411f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
20421f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
20431f24.1864: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20441f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20451f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
20461f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
20471f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
20481f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
20491f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20501f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20511f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
20521f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20531f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20541f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20551f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20561f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
20571f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
20581f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
20591f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
20601f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20611f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20621f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
20631f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
20641f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
20651f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9a5a70000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
20661f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
20671f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9a5af0000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
20681f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
20691f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20701f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9adc90000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
20711f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a5af0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
20721f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000adc pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
20731f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c870d0
20741f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c870d0
20751f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CD02F2EC1572091695F4D052CCF68BAA380A2D88
20761f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
20771f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
20781f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
20791f24.1864: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20801f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20811f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
20821f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
20831f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
20841f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20851f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20861f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20871f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20881f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
20891f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
20901f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9a54a0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
20911f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
20921f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a54a0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
20931f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20941f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9adc90000 'api-ms-win-core-localization-l1-2-0.dll'
20951f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20961f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9adc90000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
20971f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000984 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
20981f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000c870d0
20991f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000c870d0
21001f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=37158B4AFADBDB40075A00539346B570E4EDE30C
21011f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
21021f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
21031f24.1864: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
21041f24.1864: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21051f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21061f24.1864: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
21071f24.1864: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
21081f24.1864: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
21091f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
21101f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
21111f24.1864: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
21121f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21131f24.1864: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21141f24.1864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21151f24.1864: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
21161f24.1864: supR3HardenedDllNotificationCallback: load 00007ff9a54e0000 LB 0x000f4000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
21171f24.1864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
21181f24.1864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a54e0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
21191f24.1508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
21201f24.1508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21211f24.1508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
21221f24.1508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21231f24.1508: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
21241f24.1508: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21251f24.1508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21261f24.1508: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21271f24.1508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
21281f24.1508: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
21291f24.1508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
21301f24.1508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
21311f24.1508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
21321f24.1508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
21331f24.1508: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
21341f24.1508: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
21351f24.1508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21361f24.1508: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21371f24.1508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21381f24.1508: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21391f24.1508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
21401f24.1508: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
21411f24.1508: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21421f24.1508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21431f24.1508: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21441f24.1508: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21451f24.1508: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21461f24.1508: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
21471f24.1508: supR3HardenedDllNotificationCallback: load 0000000076580000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
21481f24.1508: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
21491f24.1508: supR3HardenedDllNotificationCallback: load 00007ff975cc0000 LB 0x002be000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
21501f24.1508: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21511f24.1508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff975cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
21521f24.29bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
21531f24.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
21541f24.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21551f24.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
21561f24.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21571f24.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
21581f24.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
21591f24.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
21601f24.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21611f24.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21621f24.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21631f24.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21641f24.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
21651f24.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
21661f24.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21671f24.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21681f24.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21691f24.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21701f24.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
21711f24.29b8: supR3HardenedDllNotificationCallback: load 00007ff9ac4a0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
21721f24.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
21731f24.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ac4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
21741f24.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b1310000 'C:\WINDOWS\system32\User32.dll'
21751f24.1a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
21761f24.1a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21771f24.1a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
21781f24.1a58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21791f24.1a58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
21801f24.1a58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
21811f24.1a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21821f24.1a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21831f24.1a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21841f24.1a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21851f24.1a58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
21861f24.1a58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21871f24.1a58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21881f24.1a58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21891f24.1a58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
21901f24.1a58: supR3HardenedDllNotificationCallback: load 00007ff9ab340000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
21911f24.1a58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
21921f24.1a58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ab340000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
21931f24.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
21941f24.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21951f24.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
21961f24.ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21971f24.ab0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
21981f24.ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
21991f24.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22001f24.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22011f24.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22021f24.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22031f24.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22041f24.ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22051f24.ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22061f24.ab0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
22071f24.ab0: supR3HardenedDllNotificationCallback: load 00007ff9ab2e0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
22081f24.ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
22091f24.ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ab2e0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
22101f24.a9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
22111f24.a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22121f24.a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22131f24.a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22141f24.a9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
22151f24.a9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
22161f24.a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22171f24.a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22181f24.a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22191f24.a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22201f24.a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22211f24.a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22221f24.a9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
22231f24.a9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22241f24.a9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
22251f24.a9c: supR3HardenedDllNotificationCallback: load 00007ff9a3940000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
22261f24.a9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
22271f24.a9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9a3940000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
22281f24.29bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9af980000 'C:\WINDOWS\system32\Shell32.dll'
22291f24.29bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
22301f24.29bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
22311f24.29bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
22321f24.29bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22331f24.29bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
22341f24.29bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22351f24.29bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
22361f24.29bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
22371f24.29bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
22381f24.29bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
22391f24.29bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
22401f24.29bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
22411f24.29bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
22421f24.29bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
22431f24.29bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
22441f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
22451f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
22461f24.29bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
22471f24.29bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
22481f24.29bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
22491f24.29bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
22501f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22511f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22521f24.29bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
22531f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22541f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22551f24.29bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
22561f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
22571f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
22581f24.29bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
22591f24.29bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ae780000 'C:\WINDOWS\System32\crypt32.dll'
22601f24.29bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22611f24.29bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
22621f24.29bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'cfgmgr32.dll'.
22631f24.29bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
22641f24.29bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
22651f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22661f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22671f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
22681f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
22691f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
22701f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
22711f24.29bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
22721f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22731f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22741f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22751f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22761f24.29bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
22771f24.29bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
22781f24.29bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22791f24.29bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
22801f24.29bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
22811f24.29bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
22821f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
22831f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
22841f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22851f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22861f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22871f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22881f24.29bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
22891f24.29bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22901f24.29bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
22911f24.29bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
22921f24.29bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
22931f24.29bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
22941f24.29bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
22951f24.29bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
22961f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22971f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22981f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
22991f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23001f24.29bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23011f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23021f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23031f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23041f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23051f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23061f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23071f24.29bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
23081f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23091f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23101f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23111f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23121f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23131f24.29bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23141f24.29bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23151f24.29bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
23161f24.29bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
23171f24.29bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
23181f24.29bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
23191f24.29bc: supR3HardenedDllNotificationCallback: load 00007ff9aee50000 LB 0x00429000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
23201f24.29bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
23211f24.29bc: supR3HardenedDllNotificationCallback: load 00007ff985300000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
23221f24.29bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
23231f24.29bc: supR3HardenedDllNotificationCallback: load 00007ff9790c0000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
23241f24.29bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
23251f24.29bc: supR3HardenedDllNotificationCallback: load 00007ff9acf70000 LB 0x00038000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
23261f24.29bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
23271f24.29bc: supR3HardenedDllNotificationCallback: load 00007ff971d00000 LB 0x009b1000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
23281f24.29bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
23291f24.29bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff971d00000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
23301f24.29bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
23311f24.29bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
23321f24.29bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23331f24.29bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9762a0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
23341f24.29bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
23351f24.29bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
23361f24.29bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23371f24.29bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9790c0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
23381f24.29bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
23391f24.29bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'
23401f24.2a20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9ace00000 'C:\WINDOWS\system32\rsaenh.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy