VirtualBox

Ticket #18212: VBoxHardening.log

File VBoxHardening.log, 293.6 KB (added by Jacob Klein, 6 years ago)
Line 
13bc4.2f24: Log file opened: 6.0.0r127566 g_hStartupLog=0000000000000070 g_uNtVerCombined=0xa0456300
23bc4.2f24: \SystemRoot\System32\ntdll.dll:
33bc4.2f24: CreationTime: 2018-12-16T05:43:30.962919400Z
43bc4.2f24: LastWriteTime: 2018-12-16T05:43:31.025415000Z
53bc4.2f24: ChangeTime: 2018-12-20T14:02:11.827099200Z
63bc4.2f24: FileAttributes: 0x20
73bc4.2f24: Size: 0x1e7010
83bc4.2f24: NT Headers: 0xe0
93bc4.2f24: Timestamp: 0xe8b54827
103bc4.2f24: Machine: 0x8664 - amd64
113bc4.2f24: Timestamp: 0xe8b54827
123bc4.2f24: Image Version: 10.0
133bc4.2f24: SizeOfImage: 0x1ed000 (2019328)
143bc4.2f24: Resource Dir: 0x17d000 LB 0x6ea08
153bc4.2f24: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
163bc4.2f24: [Raw version resource data: 0x17d0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
173bc4.2f24: ProductName: Microsoft® Windows® Operating System
183bc4.2f24: ProductVersion: 10.0.17763.194
193bc4.2f24: FileVersion: 10.0.17763.194 (WinBuild.160101.0800)
203bc4.2f24: FileDescription: NT Layer DLL
213bc4.2f24: \SystemRoot\System32\kernel32.dll:
223bc4.2f24: CreationTime: 2018-09-15T07:28:44.342269900Z
233bc4.2f24: LastWriteTime: 2018-09-15T07:28:44.342269900Z
243bc4.2f24: ChangeTime: 2018-10-02T21:38:41.549316500Z
253bc4.2f24: FileAttributes: 0x20
263bc4.2f24: Size: 0xb1380
273bc4.2f24: NT Headers: 0xe8
283bc4.2f24: Timestamp: 0x65614da1
293bc4.2f24: Machine: 0x8664 - amd64
303bc4.2f24: Timestamp: 0x65614da1
313bc4.2f24: Image Version: 10.0
323bc4.2f24: SizeOfImage: 0xb3000 (733184)
333bc4.2f24: Resource Dir: 0xb1000 LB 0x520
343bc4.2f24: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
353bc4.2f24: [Raw version resource data: 0xb10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
363bc4.2f24: ProductName: Microsoft® Windows® Operating System
373bc4.2f24: ProductVersion: 10.0.17763.1
383bc4.2f24: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
393bc4.2f24: FileDescription: Windows NT BASE API Client DLL
403bc4.2f24: \SystemRoot\System32\KernelBase.dll:
413bc4.2f24: CreationTime: 2018-11-13T17:20:16.639963900Z
423bc4.2f24: LastWriteTime: 2018-11-13T17:20:16.686852200Z
433bc4.2f24: ChangeTime: 2018-12-20T14:02:11.811474000Z
443bc4.2f24: FileAttributes: 0x20
453bc4.2f24: Size: 0x293cc8
463bc4.2f24: NT Headers: 0xf8
473bc4.2f24: Timestamp: 0x1659a33b
483bc4.2f24: Machine: 0x8664 - amd64
493bc4.2f24: Timestamp: 0x1659a33b
503bc4.2f24: Image Version: 10.0
513bc4.2f24: SizeOfImage: 0x293000 (2699264)
523bc4.2f24: Resource Dir: 0x26f000 LB 0x548
533bc4.2f24: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
543bc4.2f24: [Raw version resource data: 0x26f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
553bc4.2f24: ProductName: Microsoft® Windows® Operating System
563bc4.2f24: ProductVersion: 10.0.17763.134
573bc4.2f24: FileVersion: 10.0.17763.134 (WinBuild.160101.0800)
583bc4.2f24: FileDescription: Windows NT BASE API Client DLL
593bc4.2f24: \SystemRoot\System32\apisetschema.dll:
603bc4.2f24: CreationTime: 2018-09-15T07:28:25.403122600Z
613bc4.2f24: LastWriteTime: 2018-09-15T07:28:25.403122600Z
623bc4.2f24: ChangeTime: 2018-10-02T21:21:58.311196600Z
633bc4.2f24: FileAttributes: 0x20
643bc4.2f24: Size: 0x1c738
653bc4.2f24: NT Headers: 0xd0
663bc4.2f24: Timestamp: 0x33775897
673bc4.2f24: Machine: 0x8664 - amd64
683bc4.2f24: Timestamp: 0x33775897
693bc4.2f24: Image Version: 10.0
703bc4.2f24: SizeOfImage: 0x1d000 (118784)
713bc4.2f24: Resource Dir: 0x1c000 LB 0x408
723bc4.2f24: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
733bc4.2f24: [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
743bc4.2f24: ProductName: Microsoft® Windows® Operating System
753bc4.2f24: ProductVersion: 10.0.17763.1
763bc4.2f24: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
773bc4.2f24: FileDescription: ApiSet Schema DLL
783bc4.2f24: NtOpenDirectoryObject failed on \Driver: 0xc0000022
793bc4.2f24: supR3HardenedWinFindAdversaries: 0x0
803bc4.2f24: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
813bc4.2f24: Calling main()
823bc4.2f24: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
833bc4.2f24: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
843bc4.2f24: SUPR3HardenedMain: Respawn #1
853bc4.2f24: System32: \Device\HarddiskVolume4\Windows\System32
863bc4.2f24: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
873bc4.2f24: KnownDllPath: C:\WINDOWS\System32
883bc4.2f24: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
893bc4.2f24: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
903bc4.2f24: supR3HardNtEnableThreadCreation:
913bc4.2f24: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fffc5105640 pvNtTerminateThread=00007fffc51300b0
923bc4.2f24: supR3HardenedWinDoReSpawn(1): New child 2de4.2fa4 [kernel32].
933bc4.2f24: supR3HardNtChildGatherData: PebBaseAddress=000000000053b000 cbPeb=0x388
943bc4.2f24: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fffc5090000 uNtDllChildAddr=00007fffc5090000
953bc4.2f24: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fffc5105640
963bc4.2f24: supR3HardenedWinSetupChildInit: Start child.
973bc4.2f24: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
983bc4.2f24: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 16 sleeps
993bc4.2f24: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1003bc4.2f24: *0000000000000000-00000000003bffff 0x0001/0x0000 0x0000000
1013bc4.2f24: *00000000003c0000-00000000003dffff 0x0004/0x0004 0x0020000
1023bc4.2f24: *00000000003e0000-00000000003f9fff 0x0002/0x0002 0x0040000
1033bc4.2f24: 00000000003fa000-00000000003fffff 0x0001/0x0000 0x0000000
1043bc4.2f24: *0000000000400000-000000000053afff 0x0000/0x0004 0x0020000
1053bc4.2f24: 000000000053b000-000000000053dfff 0x0004/0x0004 0x0020000
1063bc4.2f24: 000000000053e000-00000000005fffff 0x0000/0x0004 0x0020000
1073bc4.2f24: *0000000000600000-00000000006fafff 0x0000/0x0004 0x0020000
1083bc4.2f24: 00000000006fb000-00000000006fdfff 0x0104/0x0004 0x0020000
1093bc4.2f24: 00000000006fe000-00000000006fffff 0x0004/0x0004 0x0020000
1103bc4.2f24: *0000000000700000-0000000000703fff 0x0002/0x0002 0x0040000
1113bc4.2f24: 0000000000704000-000000000070ffff 0x0001/0x0000 0x0000000
1123bc4.2f24: *0000000000710000-0000000000711fff 0x0004/0x0004 0x0020000
1133bc4.2f24: 0000000000712000-000000007ffdffff 0x0001/0x0000 0x0000000
1143bc4.2f24: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1153bc4.2f24: 000000007ffe1000-000000007ffe8fff 0x0001/0x0000 0x0000000
1163bc4.2f24: *000000007ffe9000-000000007ffe9fff 0x0002/0x0002 0x0020000
1173bc4.2f24: 000000007ffea000-00007ff5348effff 0x0001/0x0000 0x0000000
1183bc4.2f24: *00007ff5348f0000-00007ff5348f0fff 0x0002/0x0002 0x0040000
1193bc4.2f24: 00007ff5348f1000-00007ff5348fffff 0x0001/0x0000 0x0000000
1203bc4.2f24: *00007ff534900000-00007ff534922fff 0x0002/0x0002 0x0040000
1213bc4.2f24: 00007ff534923000-00007ff7d70fffff 0x0001/0x0000 0x0000000
1223bc4.2f24: *00007ff7d7100000-00007ff7d7100fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1233bc4.2f24: 00007ff7d7101000-00007ff7d7173fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1243bc4.2f24: 00007ff7d7174000-00007ff7d7174fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1253bc4.2f24: 00007ff7d7175000-00007ff7d71bbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1263bc4.2f24: 00007ff7d71bc000-00007ff7d71bcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1273bc4.2f24: 00007ff7d71bd000-00007ff7d71bdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1283bc4.2f24: 00007ff7d71be000-00007ff7d71c2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1293bc4.2f24: 00007ff7d71c3000-00007ff7d71c3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1303bc4.2f24: 00007ff7d71c4000-00007ff7d71c4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1313bc4.2f24: 00007ff7d71c5000-00007ff7d71c8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1323bc4.2f24: 00007ff7d71c9000-00007ff7d7211fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1333bc4.2f24: 00007ff7d7212000-00007fffc508ffff 0x0001/0x0000 0x0000000
1343bc4.2f24: *00007fffc5090000-00007fffc5090fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1353bc4.2f24: 00007fffc5091000-00007fffc51a7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1363bc4.2f24: 00007fffc51a8000-00007fffc51eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1373bc4.2f24: 00007fffc51ef000-00007fffc51f9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1383bc4.2f24: 00007fffc51fa000-00007fffc5207fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1393bc4.2f24: 00007fffc5208000-00007fffc5208fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1403bc4.2f24: 00007fffc5209000-00007fffc520bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1413bc4.2f24: 00007fffc520c000-00007fffc527cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1423bc4.2f24: 00007fffc527d000-00007ffffffeffff 0x0001/0x0000 0x0000000
1433bc4.2f24: VirtualBoxVM.exe: timestamp 0x5c18e1cd (rc=VINF_SUCCESS)
1443bc4.2f24: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1453bc4.2f24: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
1463bc4.2f24: supR3HardNtChildPurify: Done after 281 ms and 0 fixes (loop #0).
1472de4.2fa4: Log file opened: 6.0.0r127566 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0456300
1482de4.2fa4: supR3HardenedVmProcessInit: uNtDllAddr=00007fffc5090000 g_uNtVerCombined=0xa0456300
1492de4.2fa4: ntdll.dll: timestamp 0xe8b54827 (rc=VINF_SUCCESS)
1502de4.2fa4: New simple heap: #1 0000000000820000 LB 0x400000 (for 2019328 allocation)
1513bc4.2f24: supR3HardNtEnableThreadCreation:
1522de4.2fa4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1532de4.2fa4: System32: \Device\HarddiskVolume4\Windows\System32
1542de4.2fa4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
1552de4.2fa4: KnownDllPath: C:\WINDOWS\System32
1562de4.2fa4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1572de4.2fa4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1582de4.2fa4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1592de4.2fa4: Registered Dll notification callback with NTDLL.
1602de4.2fa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
1612de4.2fa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1622de4.2fa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
1632de4.2fa4: supR3HardenedDllNotificationCallback: load 00007fffc1da0000 LB 0x00293000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
1642de4.2fa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
1652de4.2fa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
1662de4.2fa4: supR3HardenedDllNotificationCallback: load 00007fffc4540000 LB 0x000b3000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
1672de4.2fa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1682de4.2fa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc4540000 'C:\WINDOWS\System32\KERNEL32.DLL'
1692de4.2fa4: supR3HardenedDllNotificationCallback: load 00007ff7d7100000 LB 0x00112000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
1702de4.2fa4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1712de4.2fa4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1722de4.2fa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1732de4.2fa4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fffc5105640 pvNtTerminateThread=00007fffc51300b0
1743bc4.2f24: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 63 ms.
1752de4.2fa4: \SystemRoot\System32\ntdll.dll:
1762de4.2fa4: CreationTime: 2018-12-16T05:43:30.962919400Z
1772de4.2fa4: LastWriteTime: 2018-12-16T05:43:31.025415000Z
1782de4.2fa4: ChangeTime: 2018-12-20T14:02:11.827099200Z
1792de4.2fa4: FileAttributes: 0x20
1802de4.2fa4: Size: 0x1e7010
1812de4.2fa4: NT Headers: 0xe0
1822de4.2fa4: Timestamp: 0xe8b54827
1832de4.2fa4: Machine: 0x8664 - amd64
1842de4.2fa4: Timestamp: 0xe8b54827
1852de4.2fa4: Image Version: 10.0
1862de4.2fa4: SizeOfImage: 0x1ed000 (2019328)
1872de4.2fa4: Resource Dir: 0x17d000 LB 0x6ea08
1882de4.2fa4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1892de4.2fa4: [Raw version resource data: 0x17d0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1902de4.2fa4: ProductName: Microsoft® Windows® Operating System
1912de4.2fa4: ProductVersion: 10.0.17763.194
1922de4.2fa4: FileVersion: 10.0.17763.194 (WinBuild.160101.0800)
1932de4.2fa4: FileDescription: NT Layer DLL
1942de4.2fa4: \SystemRoot\System32\kernel32.dll:
1952de4.2fa4: CreationTime: 2018-09-15T07:28:44.342269900Z
1962de4.2fa4: LastWriteTime: 2018-09-15T07:28:44.342269900Z
1972de4.2fa4: ChangeTime: 2018-10-02T21:38:41.549316500Z
1982de4.2fa4: FileAttributes: 0x20
1992de4.2fa4: Size: 0xb1380
2002de4.2fa4: NT Headers: 0xe8
2012de4.2fa4: Timestamp: 0x65614da1
2022de4.2fa4: Machine: 0x8664 - amd64
2032de4.2fa4: Timestamp: 0x65614da1
2042de4.2fa4: Image Version: 10.0
2052de4.2fa4: SizeOfImage: 0xb3000 (733184)
2062de4.2fa4: Resource Dir: 0xb1000 LB 0x520
2072de4.2fa4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2082de4.2fa4: [Raw version resource data: 0xb10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2092de4.2fa4: ProductName: Microsoft® Windows® Operating System
2102de4.2fa4: ProductVersion: 10.0.17763.1
2112de4.2fa4: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
2122de4.2fa4: FileDescription: Windows NT BASE API Client DLL
2132de4.2fa4: \SystemRoot\System32\KernelBase.dll:
2142de4.2fa4: CreationTime: 2018-11-13T17:20:16.639963900Z
2152de4.2fa4: LastWriteTime: 2018-11-13T17:20:16.686852200Z
2162de4.2fa4: ChangeTime: 2018-12-20T14:02:11.811474000Z
2172de4.2fa4: FileAttributes: 0x20
2182de4.2fa4: Size: 0x293cc8
2192de4.2fa4: NT Headers: 0xf8
2202de4.2fa4: Timestamp: 0x1659a33b
2212de4.2fa4: Machine: 0x8664 - amd64
2222de4.2fa4: Timestamp: 0x1659a33b
2232de4.2fa4: Image Version: 10.0
2242de4.2fa4: SizeOfImage: 0x293000 (2699264)
2252de4.2fa4: Resource Dir: 0x26f000 LB 0x548
2262de4.2fa4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2272de4.2fa4: [Raw version resource data: 0x26f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
2282de4.2fa4: ProductName: Microsoft® Windows® Operating System
2292de4.2fa4: ProductVersion: 10.0.17763.134
2302de4.2fa4: FileVersion: 10.0.17763.134 (WinBuild.160101.0800)
2312de4.2fa4: FileDescription: Windows NT BASE API Client DLL
2322de4.2fa4: \SystemRoot\System32\apisetschema.dll:
2332de4.2fa4: CreationTime: 2018-09-15T07:28:25.403122600Z
2342de4.2fa4: LastWriteTime: 2018-09-15T07:28:25.403122600Z
2352de4.2fa4: ChangeTime: 2018-10-02T21:21:58.311196600Z
2362de4.2fa4: FileAttributes: 0x20
2372de4.2fa4: Size: 0x1c738
2382de4.2fa4: NT Headers: 0xd0
2392de4.2fa4: Timestamp: 0x33775897
2402de4.2fa4: Machine: 0x8664 - amd64
2412de4.2fa4: Timestamp: 0x33775897
2422de4.2fa4: Image Version: 10.0
2432de4.2fa4: SizeOfImage: 0x1d000 (118784)
2442de4.2fa4: Resource Dir: 0x1c000 LB 0x408
2452de4.2fa4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2462de4.2fa4: [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
2472de4.2fa4: ProductName: Microsoft® Windows® Operating System
2482de4.2fa4: ProductVersion: 10.0.17763.1
2492de4.2fa4: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
2502de4.2fa4: FileDescription: ApiSet Schema DLL
2512de4.2fa4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2522de4.2fa4: supR3HardenedWinFindAdversaries: 0x0
2532de4.2fa4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2542de4.2fa4: Calling main()
2552de4.2fa4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
2562de4.2fa4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2572de4.2fa4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2582de4.2fa4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
2592de4.2fa4: SUPR3HardenedMain: Respawn #2
2602de4.2fa4: supR3HardNtEnableThreadCreation:
2612de4.2fa4: supR3HardenedDllNotificationCallback: load 00007fffc2370000 LB 0x00122000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
2622de4.2fa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
2632de4.2fa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
2642de4.2fa4: supR3HardenedDllNotificationCallback: load 00007fffc42b0000 LB 0x0009e000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
2652de4.2fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
2662de4.2fa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
2672de4.2fa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
2682de4.2fa4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
2692de4.2fa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
2702de4.2fa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2712de4.2fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2722de4.2fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2732de4.2fa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
2742de4.2fa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2752de4.2fa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc5090000 'C:\WINDOWS\System32\ntdll.dll'
2762de4.2fa4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fffc5105640 pvNtTerminateThread=00007fffc51300b0
2772de4.2fa4: supR3HardenedWinDoReSpawn(2): New child 2658.2dec [kernel32].
2782de4.2fa4: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
2792de4.2fa4: supR3HardNtChildGatherData: PebBaseAddress=00000000003b3000 cbPeb=0x388
2802de4.2fa4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fffc5090000 uNtDllChildAddr=00007fffc5090000
2812de4.2fa4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fffc5105640
2822de4.2fa4: supR3HardenedWinSetupChildInit: Start child.
2832de4.2fa4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 16 ms.
2842de4.2fa4: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 17 sleeps
2852de4.2fa4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2862de4.2fa4: *0000000000000000-00000000000dffff 0x0001/0x0000 0x0000000
2872de4.2fa4: *00000000000e0000-00000000000fffff 0x0004/0x0004 0x0020000
2882de4.2fa4: *0000000000100000-0000000000119fff 0x0002/0x0002 0x0040000
2892de4.2fa4: 000000000011a000-000000000011ffff 0x0001/0x0000 0x0000000
2902de4.2fa4: *0000000000120000-0000000000123fff 0x0002/0x0002 0x0040000
2912de4.2fa4: 0000000000124000-000000000012ffff 0x0001/0x0000 0x0000000
2922de4.2fa4: *0000000000130000-0000000000131fff 0x0004/0x0004 0x0020000
2932de4.2fa4: 0000000000132000-00000000001fffff 0x0001/0x0000 0x0000000
2942de4.2fa4: *0000000000200000-00000000003b2fff 0x0000/0x0004 0x0020000
2952de4.2fa4: 00000000003b3000-00000000003b5fff 0x0004/0x0004 0x0020000
2962de4.2fa4: 00000000003b6000-00000000003fffff 0x0000/0x0004 0x0020000
2972de4.2fa4: *0000000000400000-00000000004fafff 0x0000/0x0004 0x0020000
2982de4.2fa4: 00000000004fb000-00000000004fdfff 0x0104/0x0004 0x0020000
2992de4.2fa4: 00000000004fe000-00000000004fffff 0x0004/0x0004 0x0020000
3002de4.2fa4: 0000000000500000-000000007ffdffff 0x0001/0x0000 0x0000000
3012de4.2fa4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
3022de4.2fa4: 000000007ffe1000-000000007ffe8fff 0x0001/0x0000 0x0000000
3032de4.2fa4: *000000007ffe9000-000000007ffe9fff 0x0002/0x0002 0x0020000
3042de4.2fa4: 000000007ffea000-00007ff5ac51ffff 0x0001/0x0000 0x0000000
3052de4.2fa4: *00007ff5ac520000-00007ff5ac520fff 0x0002/0x0002 0x0040000
3062de4.2fa4: 00007ff5ac521000-00007ff5ac52ffff 0x0001/0x0000 0x0000000
3072de4.2fa4: *00007ff5ac530000-00007ff5ac552fff 0x0002/0x0002 0x0040000
3082de4.2fa4: 00007ff5ac553000-00007ff7d70fffff 0x0001/0x0000 0x0000000
3092de4.2fa4: *00007ff7d7100000-00007ff7d7100fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3102de4.2fa4: 00007ff7d7101000-00007ff7d7173fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3112de4.2fa4: 00007ff7d7174000-00007ff7d7174fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3122de4.2fa4: 00007ff7d7175000-00007ff7d71bbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3132de4.2fa4: 00007ff7d71bc000-00007ff7d71bcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3142de4.2fa4: 00007ff7d71bd000-00007ff7d71bdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3152de4.2fa4: 00007ff7d71be000-00007ff7d71c2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3162de4.2fa4: 00007ff7d71c3000-00007ff7d71c3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3172de4.2fa4: 00007ff7d71c4000-00007ff7d71c4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3182de4.2fa4: 00007ff7d71c5000-00007ff7d71c8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3192de4.2fa4: 00007ff7d71c9000-00007ff7d7211fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3202de4.2fa4: 00007ff7d7212000-00007fffc508ffff 0x0001/0x0000 0x0000000
3212de4.2fa4: *00007fffc5090000-00007fffc5090fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3222de4.2fa4: 00007fffc5091000-00007fffc51a7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3232de4.2fa4: 00007fffc51a8000-00007fffc51eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3242de4.2fa4: 00007fffc51ef000-00007fffc51f9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3252de4.2fa4: 00007fffc51fa000-00007fffc5207fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3262de4.2fa4: 00007fffc5208000-00007fffc5208fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3272de4.2fa4: 00007fffc5209000-00007fffc520bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3282de4.2fa4: 00007fffc520c000-00007fffc527cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3292de4.2fa4: 00007fffc527d000-00007ffffffeffff 0x0001/0x0000 0x0000000
3302de4.2fa4: VirtualBoxVM.exe: timestamp 0x5c18e1cd (rc=VINF_SUCCESS)
3312de4.2fa4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3322de4.2fa4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
3332de4.2fa4: supR3HardNtChildPurify: Done after 281 ms and 0 fixes (loop #0).
3342658.2dec: Log file opened: 6.0.0r127566 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0456300
3352658.2dec: supR3HardenedVmProcessInit: uNtDllAddr=00007fffc5090000 g_uNtVerCombined=0xa0456300
3362658.2dec: ntdll.dll: timestamp 0xe8b54827 (rc=VINF_SUCCESS)
3372658.2dec: New simple heap: #1 0000000000600000 LB 0x400000 (for 2019328 allocation)
3382de4.2fa4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000820000 LB 0x400000)
3392de4.2fa4: supR3HardNtEnableThreadCreation:
3402658.2dec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3412658.2dec: System32: \Device\HarddiskVolume4\Windows\System32
3422658.2dec: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
3432658.2dec: KnownDllPath: C:\WINDOWS\System32
3442658.2dec: supR3HardenedVmProcessInit: Opening vboxdrv...
3452658.2dec: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3462658.2dec: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3472658.2dec: Registered Dll notification callback with NTDLL.
3482658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
3492658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
3502658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3512658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc1da0000 LB 0x00293000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
3522658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
3532658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
3542658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc4540000 LB 0x000b3000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
3552658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3562658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc4540000 'C:\WINDOWS\System32\KERNEL32.DLL'
3572658.2dec: supR3HardenedDllNotificationCallback: load 00007ff7d7100000 LB 0x00112000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
3582658.2dec: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3592658.2dec: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3602658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3612658.2dec: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fffc5105640 pvNtTerminateThread=00007fffc51300b0
3622de4.2fa4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 78 ms.
3632658.2dec: \SystemRoot\System32\ntdll.dll:
3642658.2dec: CreationTime: 2018-12-16T05:43:30.962919400Z
3652658.2dec: LastWriteTime: 2018-12-16T05:43:31.025415000Z
3662658.2dec: ChangeTime: 2018-12-20T14:02:11.827099200Z
3672658.2dec: FileAttributes: 0x20
3682658.2dec: Size: 0x1e7010
3692658.2dec: NT Headers: 0xe0
3702658.2dec: Timestamp: 0xe8b54827
3712658.2dec: Machine: 0x8664 - amd64
3722658.2dec: Timestamp: 0xe8b54827
3732658.2dec: Image Version: 10.0
3742658.2dec: SizeOfImage: 0x1ed000 (2019328)
3752658.2dec: Resource Dir: 0x17d000 LB 0x6ea08
3762658.2dec: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3772658.2dec: [Raw version resource data: 0x17d0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
3782658.2dec: ProductName: Microsoft® Windows® Operating System
3792658.2dec: ProductVersion: 10.0.17763.194
3802658.2dec: FileVersion: 10.0.17763.194 (WinBuild.160101.0800)
3812658.2dec: FileDescription: NT Layer DLL
3822658.2dec: \SystemRoot\System32\kernel32.dll:
3832658.2dec: CreationTime: 2018-09-15T07:28:44.342269900Z
3842658.2dec: LastWriteTime: 2018-09-15T07:28:44.342269900Z
3852658.2dec: ChangeTime: 2018-10-02T21:38:41.549316500Z
3862658.2dec: FileAttributes: 0x20
3872658.2dec: Size: 0xb1380
3882658.2dec: NT Headers: 0xe8
3892658.2dec: Timestamp: 0x65614da1
3902658.2dec: Machine: 0x8664 - amd64
3912658.2dec: Timestamp: 0x65614da1
3922658.2dec: Image Version: 10.0
3932658.2dec: SizeOfImage: 0xb3000 (733184)
3942658.2dec: Resource Dir: 0xb1000 LB 0x520
3952658.2dec: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3962658.2dec: [Raw version resource data: 0xb10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3972658.2dec: ProductName: Microsoft® Windows® Operating System
3982658.2dec: ProductVersion: 10.0.17763.1
3992658.2dec: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
4002658.2dec: FileDescription: Windows NT BASE API Client DLL
4012658.2dec: \SystemRoot\System32\KernelBase.dll:
4022658.2dec: CreationTime: 2018-11-13T17:20:16.639963900Z
4032658.2dec: LastWriteTime: 2018-11-13T17:20:16.686852200Z
4042658.2dec: ChangeTime: 2018-12-20T14:02:11.811474000Z
4052658.2dec: FileAttributes: 0x20
4062658.2dec: Size: 0x293cc8
4072658.2dec: NT Headers: 0xf8
4082658.2dec: Timestamp: 0x1659a33b
4092658.2dec: Machine: 0x8664 - amd64
4102658.2dec: Timestamp: 0x1659a33b
4112658.2dec: Image Version: 10.0
4122658.2dec: SizeOfImage: 0x293000 (2699264)
4132658.2dec: Resource Dir: 0x26f000 LB 0x548
4142658.2dec: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4152658.2dec: [Raw version resource data: 0x26f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
4162658.2dec: ProductName: Microsoft® Windows® Operating System
4172658.2dec: ProductVersion: 10.0.17763.134
4182658.2dec: FileVersion: 10.0.17763.134 (WinBuild.160101.0800)
4192658.2dec: FileDescription: Windows NT BASE API Client DLL
4202658.2dec: \SystemRoot\System32\apisetschema.dll:
4212658.2dec: CreationTime: 2018-09-15T07:28:25.403122600Z
4222658.2dec: LastWriteTime: 2018-09-15T07:28:25.403122600Z
4232658.2dec: ChangeTime: 2018-10-02T21:21:58.311196600Z
4242658.2dec: FileAttributes: 0x20
4252658.2dec: Size: 0x1c738
4262658.2dec: NT Headers: 0xd0
4272658.2dec: Timestamp: 0x33775897
4282658.2dec: Machine: 0x8664 - amd64
4292658.2dec: Timestamp: 0x33775897
4302658.2dec: Image Version: 10.0
4312658.2dec: SizeOfImage: 0x1d000 (118784)
4322658.2dec: Resource Dir: 0x1c000 LB 0x408
4332658.2dec: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4342658.2dec: [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
4352658.2dec: ProductName: Microsoft® Windows® Operating System
4362658.2dec: ProductVersion: 10.0.17763.1
4372658.2dec: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
4382658.2dec: FileDescription: ApiSet Schema DLL
4392658.2dec: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4402658.2dec: supR3HardenedWinFindAdversaries: 0x0
4412658.2dec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4422658.2dec: Calling main()
4432658.2dec: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
4442658.2dec: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4452658.2dec: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4462658.2dec: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
4472658.2dec: SUPR3HardenedMain: Final process, opening VBoxDrv...
4482658.2dec: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000600000 LB 0x400000)
4492658.2dec: supR3HardNtEnableThreadCreation:
4502658.2dec: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
4512658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
4522658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4532658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4542658.2dec: supR3HardenedDllNotificationCallback: load 00007fffbc440000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
4552658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4562658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4572658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4582658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffbc440000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4592658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4602658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4612658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffbc440000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4622658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffbc440000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4632658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4642658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
4652658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
4662658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
4672658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
4682658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
4692658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4702658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4712658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
4722658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
4732658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
4742658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
4752658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'.
4762658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
4772658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
4782658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4792658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4802658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
4812658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
4822658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4832658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4842658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
4852658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
4862658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4872658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4882658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4892658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4902658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc24a0000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
4912658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4922658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc10b0000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
4932658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4942658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc19e0000 LB 0x000fc000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
4952658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
4962658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
4972658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc1bc0000 LB 0x001db000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
4982658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
4992658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc2370000 LB 0x00122000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
5002658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5012658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc1980000 LB 0x00058000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
5022658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5032658.2dec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
5042658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5052658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1da0000 'api-ms-win-core-synch-l1-2-0'
5062658.2dec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
5072658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5082658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1da0000 'api-ms-win-core-fibers-l1-1-1'
5092658.2dec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
5102658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5112658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1da0000 'api-ms-win-core-fibers-l1-1-1'
5122658.2dec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
5132658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5142658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1da0000 'api-ms-win-core-synch-l1-2-0'
5152658.2dec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
5162658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5172658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1da0000 'api-ms-win-core-localization-l1-2-1'
5182658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1980000 'C:\WINDOWS\system32\Wintrust.dll'
5192658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
5202658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
5212658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5222658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc1b90000 LB 0x00026000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
5232658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5242658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1b90000 'C:\WINDOWS\system32\bcrypt.dll'
5252658.2dec: bcrypt.dll loaded at 00007fffc1b90000, BCryptOpenAlgorithmProvider at 00007fffc1b94d60, preloading providers:
5262658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
5272658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
5282658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5292658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc1900000 LB 0x0007e000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
5302658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5312658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1900000 'C:\WINDOWS\system32\bcryptprimitives.dll'
5322658.2dec: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000a8e0c0)
5332658.2dec: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000a8ee20)
5342658.2dec: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000a8f160)
5352658.2dec: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000a8fc70)
5362658.2dec: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000a8ff70)
5372658.2dec: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000a90270)
5382658.2dec: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000a90570)
5392658.2dec: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000a90870)
5402658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc2040000 LB 0x00017000 C:\WINDOWS\System32\CRYPTSP.dll [fFlags=0x0]
5412658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
5422658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
5432658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
5442658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
5452658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
5462658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5472658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5482658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5492658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5502658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5512658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc0480000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
5522658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5532658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
5542658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
5552658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
5562658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
5572658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc0a90000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
5582658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5592658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5602658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
5612658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
5622658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5632658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5642658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc4540000 'C:\WINDOWS\System32\kernel32.dll'
5652658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5662658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5672658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1980000 'C:\WINDOWS\System32\WINTRUST.DLL'
5682658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5692658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5702658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\CRYPT32.dll'
5712658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc5040000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
5722658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
5732658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
5742658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5752658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5762658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
5772658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc42b0000 LB 0x0009e000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
5782658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
5792658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
5802658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
5812658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5822658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
5832658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
5842658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
5852658.2dec: supR3HardenedDllNotificationCallback: load 00007fffbfda0000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
5862658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
5872658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc1130000 LB 0x00024000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
5882658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
5892658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
5902658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5912658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
5922658.2dec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
5932658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
5942658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
5952658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
5962658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5972658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5982658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5992658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6002658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6012658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6022658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6032658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6042658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6052658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6062658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6072658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6082658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6092658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6102658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6112658.2dec: supR3HardenedDllNotificationCallback: load 00007fffb9790000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
6122658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6132658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6142658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6152658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb9790000 'C:\WINDOWS\System32\cryptnet.dll'
6162658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6172658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6182658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb9790000 'C:\WINDOWS\System32\cryptnet.dll'
6192658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6202658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6212658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb9790000 'C:\WINDOWS\System32\cryptnet.dll'
6222658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6232658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6242658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb9790000 'C:\WINDOWS\System32\cryptnet.dll'
6252658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6262658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6272658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb9790000 'C:\WINDOWS\System32\cryptnet.dll'
6282658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6292658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6302658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb9790000 'C:\WINDOWS\System32\cryptnet.dll'
6312658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6322658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb9790000 'C:\WINDOWS\System32\cryptnet.dll'
6332658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6342658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb9790000 'C:\WINDOWS\System32\cryptnet.dll'
6352658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6362658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb9790000 'C:\WINDOWS\System32\cryptnet.dll'
6372658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6382658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb9790000 'C:\WINDOWS\System32\cryptnet.dll'
6392658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6402658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb9790000 'C:\WINDOWS\System32\cryptnet.dll'
6412658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb9790000 'C:\WINDOWS\System32\cryptnet.dll'
6422658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6432658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb9790000 'C:\Windows\System32\cryptnet.dll'
6442658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc4350000 LB 0x000a3000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
6452658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6462658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
6472658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
6482658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
6492658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
6502658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6512658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6522658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6532658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6542658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
6552658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
6562658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
6572658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6582658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6592658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6602658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6612658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
6622658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6632658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6642658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
6652658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
6662658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000acca70
6672658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000acca70
6682658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E118BAE0A2CBC497F05FE519F5B8FB6FCD99D346
6692658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6702658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6712658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc2370000 'C:\WINDOWS\System32\rpcrt4.dll'
6722658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6732658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6742658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
6752658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6762658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6772658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
6782658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_351_for_KB4471332~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\SystemRoot\System32\ntdll.dll'
6792658.2dec: g_pfnWinVerifyTrust=00007fffc1986370
6802658.2dec: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
6812658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6822658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6832658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
6842658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6852658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6862658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
6872658.2dec: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
6882658.2dec: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
6892658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6902658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6912658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
6922658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
6932658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6942658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
6952658.2dec: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
6962658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6972658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6982658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
6992658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
7002658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
7012658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000398 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
7022658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000acca70
7032658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000acca70
7042658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A71FAF93E7F6555CF5752D6A603A870E378E49E6
7052658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7062658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
7072658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
7082658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0316~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
7092658.2dec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
7102658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
7112658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7122658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
7132658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
7142658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
7152658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7162658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
7172658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
7182658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
7192658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7202658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
7212658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
7222658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
7232658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7242658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
7252658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
7262658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
7272658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7282658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
7292658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
7302658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
7312658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7322658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
7332658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
7342658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7352658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
7362658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
7372658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
7382658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7392658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
7402658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
7412658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
7422658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
7432658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
7442658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
7452658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
7462658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
7472658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
7482658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
7492658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
7502658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
7512658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
7522658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
7532658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
7542658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
7552658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
7562658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
7572658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
7582658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
7592658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
7602658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
7612658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
7622658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
7632658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
7642658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
7652658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
7662658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
7672658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
7682658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
7692658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
7702658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\system32\crypt32.dll'
7712658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0xba02d0ab12c5ed00 CN=XBL Client IPsec Issuing CA
7722658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
7732658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
7742658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
7752658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
7762658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
7772658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
7782658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0xaa7fdf9a3831a900 C=US, ST=California, L=Irvine, O=Blizzard Entertainment, OU=Battle.net, CN=Blizzard Battle.net Local Cert
7792658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x9546d06a8d70b800 CN=XBL Server IPsec Issuing CA
7802658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
7812658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
7822658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
7832658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
7842658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
7852658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
7862658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
7872658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
7882658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
7892658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
7902658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
7912658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
7922658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
7932658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
7942658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
7952658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
7962658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
7972658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
7982658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
7992658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
8002658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
8012658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
8022658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
8032658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
8042658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
8052658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
8062658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
8072658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
8082658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
8092658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
8102658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
8112658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
8122658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
8132658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
8142658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
8152658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
8162658.2dec: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
8172658.2dec: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=46
8182658.2dec: SUPR3HardenedMain: Load Runtime...
8192658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
8202658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8212658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
8222658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
8232658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
8242658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
8252658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8262658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
8272658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
8282658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
8292658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
8302658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
8312658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
8322658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
8332658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8342658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8352658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
8362658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
8372658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
8382658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8392658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8402658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
8412658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
8422658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8432658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
8442658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
8452658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8462658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8472658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8482658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8492658.2dec: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8502658.2dec: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
8512658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
8522658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
8532658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
8542658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
8552658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8562658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8572658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
8582658.2dec: supR3HardenedDllNotificationCallback: load 0000000066470000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
8592658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8602658.2dec: supR3HardenedDllNotificationCallback: load 00000000658d0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
8612658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
8622658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc44b0000 LB 0x0006d000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
8632658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
8642658.2dec: supR3HardenedDllNotificationCallback: load 00007fff6a2f0000 LB 0x0052a000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
8652658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8662658.2dec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8672658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
8682658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8692658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8702658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8712658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8722658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8732658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8742658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8752658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8762658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8772658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8782658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8792658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8802658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8812658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8822658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8832658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8842658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8852658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8862658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8872658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8882658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8892658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8902658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8912658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8922658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8932658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8942658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8952658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8962658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8972658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8982658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8992658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9002658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9012658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9022658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9032658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9042658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9052658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9062658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9072658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9082658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9092658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9102658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9112658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9122658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9132658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9142658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9152658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9162658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6a2f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9172658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
9182658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9192658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1980000 'C:\WINDOWS\system32\Wintrust.dll'
9202658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
9212658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
9222658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
9232658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9242658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
9252658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
9262658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\system32\crypt32.dll'
9272658.2dec: SUPR3HardenedMain: Load TrustedMain...
9282658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
9292658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
9302658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxglobal.dll'.
9312658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
9322658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
9332658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
9342658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
9352658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
9362658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
9372658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
9382658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
9392658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
9402658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
9412658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
9422658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
9432658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
9442658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
9452658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
9462658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
9472658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
9482658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
9492658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
9502658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
9512658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
9522658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
9532658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
9542658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9552658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9562658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
9572658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
9582658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
9592658.2dec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
9602658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9612658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
9622658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
9632658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9642658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9652658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
9662658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
9672658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
9682658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9692658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
9702658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
9712658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
9722658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
9732658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
9742658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
9752658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
9762658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
9772658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9782658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9792658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
9802658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
9812658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
9822658.2dec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
9832658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
9842658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'bcryptprimitives.dll'.
9852658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
9862658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
9872658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
9882658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
9892658.2dec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
9902658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
9912658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
9922658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
9932658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
9942658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
9952658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9962658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9972658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
9982658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
9992658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
10002658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'gdi32.dll'.
10012658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'user32.dll'.
10022658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'combase.dll'.
10032658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
10042658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
10052658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10062658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10072658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
10082658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
10092658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
10102658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10112658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10122658.2dec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
10132658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
10142658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
10152658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
10162658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
10172658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10182658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10192658.2dec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
10202658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
10212658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
10222658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10232658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10242658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10252658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10262658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10272658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
10282658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
10292658.2dec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
10302658.2dec: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
10312658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
10322658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
10332658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
10342658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
10352658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
10362658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
10372658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll) WinVerifyTrust
10382658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
10392658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
10402658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10412658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10422658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10432658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
10442658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
10452658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
10462658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
10472658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
10482658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
10492658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
10502658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
10512658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
10522658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
10532658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
10542658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
10552658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10562658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10572658.2dec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
10582658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
10592658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
10602658.2dec: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
10612658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
10622658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
10632658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
10642658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
10652658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
10662658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
10672658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
10682658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
10692658.2dec: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
10702658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
10712658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
10722658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
10732658.2dec: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
10742658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
10752658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
10762658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
10772658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
10782658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
10792658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
10802658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
10812658.2dec: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
10822658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
10832658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
10842658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
10852658.2dec: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
10862658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
10872658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
10882658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
10892658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
10902658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
10912658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
10922658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
10932658.2dec: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
10942658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
10952658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10962658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10972658.2dec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
10982658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
10992658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11002658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
11012658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11022658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11032658.2dec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
11042658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11052658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'user32.dll'.
11062658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'gdi32.dll'.
11072658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
11082658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
11092658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11102658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11112658.2dec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
11122658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
11132658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
11142658.2dec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
11152658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11162658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11172658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
11182658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11192658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11202658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11212658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11222658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11232658.2dec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11242658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11252658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11262658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
11272658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11282658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11292658.2dec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
11302658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11312658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11322658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
11332658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11342658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11352658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11362658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
11372658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
11382658.2dec: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
11392658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11402658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
11412658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
11422658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
11432658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
11442658.2dec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
11452658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
11462658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11472658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11482658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
11492658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11502658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11512658.2dec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11522658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11532658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11542658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
11552658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
11562658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
11572658.2dec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
11582658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll)
11592658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll
11602658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
11612658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
11622658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
11632658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11642658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11652658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
11662658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11672658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11682658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
11692658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11702658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11712658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
11722658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11732658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11742658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
11752658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
11762658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
11772658.2dec: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
11782658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11792658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
11802658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
11812658.2dec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
11822658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
11832658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11842658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11852658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11862658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11872658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11882658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
11892658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11902658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11912658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
11922658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11932658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11942658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
11952658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11962658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11972658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11982658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11992658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12002658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
12012658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12022658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12032658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
12042658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
12052658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
12062658.2dec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
12072658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12082658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12092658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
12102658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12112658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12122658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
12132658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
12142658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
12152658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
12162658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
12172658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
12182658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
12192658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
12202658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
12212658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
12222658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
12232658.2dec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
12242658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12252658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12262658.2dec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12272658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12282658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12292658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
12302658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
12312658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
12322658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
12332658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
12342658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
12352658.2dec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
12362658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
12372658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
12382658.2dec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
12392658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12402658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12412658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
12422658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12432658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12442658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12452658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
12462658.2dec: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
12472658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
12482658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
12492658.2dec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
12502658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
12512658.2dec: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
12522658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12532658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12542658.2dec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
12552658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
12562658.2dec: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
12572658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12582658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12592658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
12602658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
12612658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
12622658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxglobal.dll'...
12632658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxglobal.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxglobal.dll' [rcNtRedir=0xc0150008]
12642658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
12652658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
12662658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
12672658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
12682658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
12692658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
12702658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
12712658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
12722658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
12732658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
12742658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGlobal.dll) WinVerifyTrust
12752658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
12762658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
12772658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
12782658.2dec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
12792658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
12802658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000acca70
12812658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000acca70
12822658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F9EA7A084F8D34EE062D8C0EF5D96EF865883D56
12832658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
12842658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
12852658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
12862658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12872658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12882658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
12892658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12902658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12912658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
12922658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12932658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12942658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
12952658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
12962658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
12972658.2dec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
12982658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
12992658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13002658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
13012658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13022658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13032658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
13042658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13052658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13062658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
13072658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
13082658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
13092658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
13102658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0112~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
13112658.2dec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13122658.2dec: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
13132658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
13142658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
13152658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
13162658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
13172658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
13182658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
13192658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
13202658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
13212658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
13222658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
13232658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
13242658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
13252658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc22a0000 LB 0x00020000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
13262658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
13272658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc2200000 LB 0x000a0000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
13282658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
13292658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc2060000 LB 0x0019a000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
13302658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
13312658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
13322658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
13332658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
13342658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
13352658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
13362658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc26d0000 LB 0x00029000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
13372658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
13382658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc4660000 LB 0x00197000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
13392658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [avoiding WinVerifyTrust]
13402658.2dec: supR3HardenedDllNotificationCallback: load 00007fffbac30000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
13412658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
13422658.2dec: supR3HardenedDllNotificationCallback: load 00007fff833b0000 LB 0x00127000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
13432658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
13442658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc18b0000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
13452658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
13462658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
13472658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc3f80000 LB 0x0032d000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
13482658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
13492658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc4400000 LB 0x000a8000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
13502658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13512658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'rpcrt4.dll'.
13522658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
13532658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
13542658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
13552658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc10d0000 LB 0x0005d000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
13562658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
13572658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
13582658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
13592658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc4800000 LB 0x00052000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
13602658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13612658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
13622658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
13632658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
13642658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
13652658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc1090000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
13662658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
13672658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
13682658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
13692658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
13702658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc1160000 LB 0x0074a000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
13712658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
13722658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
13732658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'rpcrt4.dll'.
13742658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'profapi.dll'.
13752658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
13762658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
13772658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc28b0000 LB 0x014ef000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
13782658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
13792658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc3e20000 LB 0x00155000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
13802658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
13812658.2dec: supR3HardenedDllNotificationCallback: load 00007fffae0a0000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
13822658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
13832658.2dec: supR3HardenedDllNotificationCallback: load 0000000065ee0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
13842658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
13852658.2dec: supR3HardenedDllNotificationCallback: load 00007fff69cf0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
13862658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
13872658.2dec: supR3HardenedDllNotificationCallback: load 0000000065970000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
13882658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
13892658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc4890000 LB 0x000cb000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
13902658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
13912658.2dec: supR3HardenedDllNotificationCallback: load 00007fff6a820000 LB 0x00592000 C:\Program Files\Oracle\VirtualBox\VBoxGlobal.dll [fFlags=0x0]
13922658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
13932658.2dec: supR3HardenedDllNotificationCallback: load 0000000065870000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
13942658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
13952658.2dec: supR3HardenedDllNotificationCallback: load 00007fffbd270000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
13962658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
13972658.2dec: supR3HardenedDllNotificationCallback: load 00007fffbd710000 LB 0x00024000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
13982658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
13992658.2dec: supR3HardenedDllNotificationCallback: load 00007fff66f90000 LB 0x01f0f000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
14002658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
14012658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
14022658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
14032658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
14042658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
14052658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
14062658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
14072658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
14082658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
14092658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
14102658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
14112658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
14122658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
14132658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
14142658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
14152658.2dec: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
14162658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
14172658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
14182658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
14192658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
14202658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
14212658.2dec: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
14222658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
14232658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
14242658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
14252658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
14262658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
14272658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
14282658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
14292658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
14302658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
14312658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
14322658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
14332658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
14342658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
14352658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
14362658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
14372658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
14382658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
14392658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14402658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14412658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
14422658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
14432658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
14442658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
14452658.2dec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
14462658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
14472658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
14482658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
14492658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
14502658.2dec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
14512658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14522658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14532658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14542658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14552658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14562658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14572658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
14582658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
14592658.2dec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
14602658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14612658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14622658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
14632658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
14642658.2dec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
14652658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14662658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14672658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14682658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14692658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
14702658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
14712658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
14722658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
14732658.2dec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
14742658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14752658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14762658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14772658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14782658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
14792658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
14802658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
14812658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
14822658.2dec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
14832658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14842658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14852658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
14862658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
14872658.2dec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
14882658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14892658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14902658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
14912658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
14922658.2dec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
14932658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
14942658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
14952658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
14962658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
14972658.2dec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
14982658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
14992658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc4540000 'C:\WINDOWS\System32\kernel32.dll'
15002658.2dec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
15012658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
15022658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1da0000 'api-ms-win-core-string-l1-1-0'
15032658.2dec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
15042658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
15052658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1da0000 'api-ms-win-core-datetime-l1-1-1'
15062658.2dec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
15072658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
15082658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1da0000 'api-ms-win-core-localization-obsolete-l1-2-0'
15092658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
15102658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
15112658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
15122658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
15132658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
15142658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
15152658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
15162658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
15172658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
15182658.2dec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
15192658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15202658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15212658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
15222658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
15232658.2dec: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
15242658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
15252658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc4860000 LB 0x0002e000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
15262658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
15272658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc4860000 'C:\WINDOWS\system32\IMM32.DLL'
15282658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
15292658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
15302658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
15312658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15322658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc4350000 'C:\WINDOWS\System32\ADVAPI32.DLL'
15332658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff66f90000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
15342658.2dec: SUPR3HardenedMain: Calling TrustedMain (00007fff66f916c0)...
15352658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
15362658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
15372658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
15382658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
15392658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
15402658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
15412658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
15422658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
15432658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
15442658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
15452658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
15462658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
15472658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
15482658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
15492658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15502658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15512658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15522658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15532658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15542658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15552658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15562658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
15572658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15582658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15592658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
15602658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15612658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15622658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [redoing WinVerifyTrust]
15632658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
15642658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
15652658.2dec: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll'
15662658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
15672658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
15682658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
15692658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
15702658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
15712658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
15722658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
15732658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
15742658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
15752658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
15762658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
15772658.2dec: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
15782658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15792658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15802658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
15812658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
15822658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
15832658.2dec: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
15842658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15852658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15862658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
15872658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15882658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15892658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
15902658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
15912658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
15922658.2dec: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
15932658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15942658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
15952658.2dec: supR3HardenedDllNotificationCallback: load 00007fff83040000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
15962658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
15972658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff83040000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
15982658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000640 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
15992658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000acca70
16002658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000acca70
16012658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9E9C9DBAFB6FF286F236C72F471A61F524EAC54D
16022658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
16032658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
16042658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0315~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
16052658.2dec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16062658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16072658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
16082658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
16092658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
16102658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
16112658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16122658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16132658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16142658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16152658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16162658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16172658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
16182658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
16192658.2dec: supR3HardenedDllNotificationCallback: load 00007fffbf6c0000 LB 0x0009c000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
16202658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
16212658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffbf6c0000 'C:\WINDOWS\system32\uxtheme.dll'
16222658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc4660000 'C:\WINDOWS\system32\user32.dll'
16232658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
16242658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16252658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc28b0000 'C:\WINDOWS\system32\shell32.dll'
16262658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
16272658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
16282658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
16292658.2dec: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
16302658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16312658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc4400000 'C:\WINDOWS\system32\SHCore.dll'
16322658.2dec: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
16332658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
16342658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16352658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'crypt32.dll'.
16362658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'cryptsp.dll'.
16372658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
16382658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'user32.dll'.
16392658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'gdi32.dll'.
16402658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)
16412658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
16422658.2dec: supR3HardenedDllNotificationCallback: load 00007fffbf9f0000 LB 0x0002e000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
16432658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
16442658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16452658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16462658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16472658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16482658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
16492658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
16502658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
16512658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
16522658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cryptsp.dll'...
16532658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'cryptsp.dll' -> '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll' [rcNtRedir=0xc0150008]
16542658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
16552658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
16562658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
16572658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16582658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16592658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
16602658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
16612658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
16622658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
16632658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16642658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffbd710000 'C:\WINDOWS\system32\winmm.dll'
16652658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
16662658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16672658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffbd710000 'C:\WINDOWS\system32\winmm.dll'
16682658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
16692658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16702658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc28b0000 'C:\WINDOWS\system32\shell32.dll'
16712658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
16722658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16732658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffbf6c0000 'C:\WINDOWS\system32\uxtheme.dll'
16742658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
16752658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16762658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc4350000 'C:\WINDOWS\system32\advapi32.dll'
16772658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
16782658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
16792658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
16802658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'profapi.dll'.
16812658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
16822658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
16832658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
16842658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
16852658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
16862658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16872658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16882658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16892658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
16902658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc0fc0000 LB 0x00028000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
16912658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
16922658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0fc0000 'C:\WINDOWS\system32\userenv.dll'
16932658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
16942658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16952658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc4540000 'C:\WINDOWS\System32\kernel32.dll'
16962658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc22c0000 LB 0x000a2000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
16972658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16982658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
16992658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
17002658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
17012658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17022658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17032658.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
17042658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17052658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17062658.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
17072658.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
17082658.29b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
17092658.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
17102658.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17112658.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
17122658.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
17132658.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
17142658.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
17152658.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
17162658.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
17172658.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
17182658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17192658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17202658.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
17212658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17222658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17232658.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
17242658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17252658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17262658.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
17272658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17282658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17292658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17302658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17312658.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
17322658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17332658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17342658.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
17352658.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
17362658.29b8: supR3HardenedDllNotificationCallback: load 00007fff6bdd0000 LB 0x003a0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
17372658.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
17382658.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6bdd0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
17392658.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
17402658.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17412658.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
17422658.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
17432658.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
17442658.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
17452658.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
17462658.29b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
17472658.29b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
17482658.29b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
17492658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17502658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17512658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17522658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17532658.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
17542658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17552658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17562658.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
17572658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
17582658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
17592658.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
17602658.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
17612658.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
17622658.29b8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
17632658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17642658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17652658.29b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
17662658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17672658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17682658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17692658.29b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17702658.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
17712658.29b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
17722658.29b8: supR3HardenedDllNotificationCallback: load 00007fff913e0000 LB 0x000d4000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
17732658.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
17742658.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff913e0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
17752658.29b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
17762658.29b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
17772658.29b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc4890000 'C:\Windows\System32\oleaut32.dll'
17782658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc26d0000 'C:\WINDOWS\system32\gdi32.dll'
17792658.284c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
17802658.284c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
17812658.284c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
17822658.284c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17832658.284c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
17842658.284c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
17852658.284c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
17862658.284c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17872658.284c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17882658.284c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17892658.284c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17902658.284c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17912658.284c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
17922658.284c: supR3HardenedDllNotificationCallback: load 00007fffbb620000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
17932658.284c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
17942658.284c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffbb620000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
17952658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
17962658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17972658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc28b0000 'C:\WINDOWS\system32\shell32.dll'
17982658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
17992658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18002658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
18012658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
18022658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
18032658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
18042658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18052658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18062658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
18072658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
18082658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
18092658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
18102658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
18112658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
18122658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
18132658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
18142658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18152658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18162658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18172658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18182658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
18192658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
18202658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
18212658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
18222658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18232658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18242658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18252658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
18262658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
18272658.2dec: supR3HardenedDllNotificationCallback: load 0000000065760000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
18282658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
18292658.2dec: supR3HardenedDllNotificationCallback: load 00007fff699c0000 LB 0x00325000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
18302658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
18312658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff699c0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
18322658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc4ed0000 LB 0x0016a000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
18332658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18342658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'oleaut32.dll'.
18352658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
18362658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
18372658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'imm32.dll'.
18382658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
18392658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
18402658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
18412658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
18422658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
18432658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18442658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18452658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18462658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18472658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18482658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18492658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
18502658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18512658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18522658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
18532658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
18542658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
18552658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009d8 pwszName=\Device\HarddiskVolume4\Windows\System32\DataExchange.dll
18562658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000acca70
18572658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000acca70
18582658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=59F3AE35C1BD7FF73B733C35DF45575279B981AF
18592658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
18602658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18612658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
18622658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
18632658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0310~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\DataExchange.dll'
18642658.2dec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18652658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18662658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
18672658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'combase.dll'.
18682658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'd3d11.dll'.
18692658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'dcomp.dll'.
18702658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) WinVerifyTrust
18712658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
18722658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
18732658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
18742658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
18752658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
18762658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
18772658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
18782658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'oleaut32.dll'.
18792658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dxgi.dll'.
18802658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) WinVerifyTrust
18812658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll
18822658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
18832658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
18842658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
18852658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
18862658.2dec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'.
18872658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18882658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
18892658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll)
18902658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll
18912658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18922658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18932658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
18942658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
18952658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
18962658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
18972658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18982658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18992658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19002658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19012658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19022658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19032658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19042658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19052658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
19062658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
19072658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19082658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
19092658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'win32u.dll'.
19102658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll) WinVerifyTrust
19112658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll
19122658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
19132658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
19142658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
19152658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19162658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19172658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19182658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
19192658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
19202658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [lacks WinVerifyTrust]
19212658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19222658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19232658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
19242658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
19252658.2dec: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
19262658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
19272658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
19282658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
19292658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19302658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19312658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
19322658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
19332658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
19342658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
19352658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
19362658.2dec: supR3HardenedDllNotificationCallback: load 00007fffbfe20000 LB 0x000c2000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
19372658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
19382658.2dec: supR3HardenedDllNotificationCallback: load 00007fffbd2b0000 LB 0x0027e000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
19392658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
19402658.2dec: supR3HardenedDllNotificationCallback: load 00007fffbd530000 LB 0x001c3000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
19412658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
19422658.2dec: supR3HardenedDllNotificationCallback: load 00007fff9cb70000 LB 0x00056000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
19432658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
19442658.2dec: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'.
19452658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rescheduled]
19462658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
19472658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19482658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc26d0000 'C:\WINDOWS\System32\gdi32.dll'
19492658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff9cb70000 'C:\WINDOWS\system32\dataexchange.dll'
19502658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rmclient.dll'.
19512658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'.
19522658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'.
19532658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'msvcp_win.dll'.
19542658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll)
19552658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll
19562658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19572658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
19582658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rmclient.dll)
19592658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rmclient.dll
19602658.2dec: supR3HardenedDllNotificationCallback: load 00007fffbf9c0000 LB 0x00028000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0]
19612658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
19622658.2dec: supR3HardenedDllNotificationCallback: load 00007fffbf7b0000 LB 0x0020d000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
19632658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
19642658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19652658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19662658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19672658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19682658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
19692658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
19702658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
19712658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
19722658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
19732658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
19742658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19752658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19762658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
19772658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume4\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
19782658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
19792658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
19802658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
19812658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rmclient.dll'
19822658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
19832658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
19842658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll'
19852658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
19862658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19872658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc4400000 'C:\WINDOWS\system32\Shcore.dll'
19882658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19892658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
19902658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'coreuicomponents.dll'.
19912658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coremessaging.dll'.
19922658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll)
19932658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
19942658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19952658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
19962658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
19972658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll)
19982658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll
19992658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20002658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
20012658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll)
20022658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll
20032658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntmarta.dll)
20042658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntmarta.dll
20052658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
20062658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
20072658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'bcryptprimitives.dll'.
20082658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll)
20092658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll
20102658.2dec: supR3HardenedDllNotificationCallback: load 00007fffc0160000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
20112658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
20122658.2dec: supR3HardenedDllNotificationCallback: load 00007fffbdeb0000 LB 0x000e2000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
20132658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
20142658.2dec: supR3HardenedDllNotificationCallback: load 00007fffbe5b0000 LB 0x00153000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
20152658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
20162658.2dec: supR3HardenedDllNotificationCallback: load 00007fffbae30000 LB 0x00322000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
20172658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
20182658.2dec: supR3HardenedDllNotificationCallback: load 00007fffb13b0000 LB 0x00095000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
20192658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
20202658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
20212658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
20222658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
20232658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20242658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20252658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20262658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20272658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
20282658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20292658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20302658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20312658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20322658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
20332658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
20342658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
20352658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
20362658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
20372658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
20382658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20392658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20402658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
20412658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
20422658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
20432658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
20442658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume4\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
20452658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
20462658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20472658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20482658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20492658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20502658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
20512658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
20522658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WinTypes.dll'
20532658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
20542658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
20552658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntmarta.dll'
20562658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
20572658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
20582658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll'
20592658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
20602658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
20612658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll'
20622658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
20632658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
20642658.2dec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll'
20652658.2dec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
20662658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20672658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc4660000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
20682658.2dec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
20692658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20702658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc4660000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
20712658.2dec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
20722658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20732658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc3f80000 'api-ms-win-core-com-l1-1-0.dll'
20742658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll
20752658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20762658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc4ed0000 'C:\WINDOWS\System32\MSCTF.dll'
20772658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
20782658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20792658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc28b0000 'C:\WINDOWS\system32\shell32.dll'
20802658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc28b0000 'C:\WINDOWS\system32\shell32.dll'
20812658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
20822658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20832658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc3e20000 'C:\WINDOWS\System32\ole32.dll'
20842658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc4890000 'C:\WINDOWS\System32\OLEAUT32.dll'
20852658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b0c pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
20862658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000acca70
20872658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000acca70
20882658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61B08AF50BF6163BDE34EB0C9B6605297BA2441A
20892658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
20902658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
20912658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package02~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
20922658.2dec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20932658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20942658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
20952658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
20962658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
20972658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
20982658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
20992658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
21002658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b18 pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
21012658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000acca70
21022658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000acca70
21032658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=585E55607969886FF9DCECA6C86E3FD6D59F65D2
21042658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
21052658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
21062658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package02~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
21072658.2dec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21082658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21092658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
21102658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
21112658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
21122658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
21132658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21142658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21152658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
21162658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21172658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21182658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21192658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21202658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
21212658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
21222658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
21232658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
21242658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21252658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21262658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21272658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
21282658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
21292658.2dec: supR3HardenedDllNotificationCallback: load 00007fffb90a0000 LB 0x00085000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
21302658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
21312658.2dec: supR3HardenedDllNotificationCallback: load 00007fffb91d0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
21322658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
21332658.2dec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
21342658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21352658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1da0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
21362658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb91d0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
21372658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000acc pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
21382658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000acca70
21392658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000acca70
21402658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2479751D59078C3499423233D67A94D93457E663
21412658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
21422658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
21432658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package02~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
21442658.2dec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21452658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21462658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
21472658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
21482658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
21492658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21502658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21512658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21522658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21532658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21542658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
21552658.2dec: supR3HardenedDllNotificationCallback: load 00007fffb7590000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
21562658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
21572658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb7590000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
21582658.2dec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
21592658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21602658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1da0000 'api-ms-win-core-localization-l1-2-0.dll'
21612658.2dec: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
21622658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21632658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1da0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
21642658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b70 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
21652658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000acca70
21662658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000acca70
21672658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D738E4890595C8890290239456518F354997BFD
21682658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
21692658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
21702658.2dec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package02~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
21712658.2dec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21722658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21732658.2dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'.
21742658.2dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
21752658.2dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
21762658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
21772658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
21782658.2dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
21792658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21802658.2dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21812658.2dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21822658.2dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
21832658.2dec: supR3HardenedDllNotificationCallback: load 00007fffb7410000 LB 0x000f1000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
21842658.2dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
21852658.2dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb7410000 'C:\WINDOWS\system32\wbem\fastprox.dll'
21862658.28b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
21872658.28b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
21882658.28b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21892658.28b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
21902658.28b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
21912658.28b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll) WinVerifyTrust
21922658.28b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll
21932658.28b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21942658.28b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21952658.28b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
21962658.28b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21972658.28b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21982658.28b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21992658.28b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22002658.28b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22012658.28b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll
22022658.28b8: supR3HardenedDllNotificationCallback: load 00007fff83330000 LB 0x0007d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.DLL [fFlags=0x0]
22032658.28b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll
22042658.28b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff83330000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.DLL'
22052658.28c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
22062658.28c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
22072658.28c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'.
22082658.28c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
22092658.28c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mswsock.dll) WinVerifyTrust
22102658.28c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mswsock.dll
22112658.28c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22122658.28c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22132658.28c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22142658.28c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22152658.28c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
22162658.28c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22172658.28c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
22182658.28c4: supR3HardenedDllNotificationCallback: load 00007fffc08c0000 LB 0x00067000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
22192658.28c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
22202658.28c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc08c0000 'C:\WINDOWS\system32\mswsock.dll'
22212658.28c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
22222658.28c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22232658.28c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc08c0000 'C:\WINDOWS\system32\mswsock.dll'
22242658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
22252658.39ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
22262658.39ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22272658.39ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
22282658.39ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22292658.39ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
22302658.39ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
22312658.39ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22322658.39ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22332658.39ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22342658.39ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22352658.39ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22362658.39ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
22372658.39ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
22382658.39ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22392658.39ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22402658.39ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22412658.39ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
22422658.39ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22432658.39ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22442658.39ac: supR3HardenedDllNotificationCallback: load 00007fffbb610000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
22452658.39ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22462658.39ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffbb610000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
22472658.39ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc4660000 'C:\WINDOWS\system32\User32.dll'
22482658.3fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
22492658.3fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22502658.3fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22512658.3fe8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22522658.3fe8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
22532658.3fe8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
22542658.3fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22552658.3fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22562658.3fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22572658.3fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22582658.3fe8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22592658.3fe8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22602658.3fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22612658.3fe8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
22622658.3fe8: supR3HardenedDllNotificationCallback: load 00007fffbac20000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
22632658.3fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
22642658.3fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffbac20000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
22652658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc28b0000 'C:\WINDOWS\system32\Shell32.dll'
22662658.318: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22672658.318: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22682658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff699c0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
22692658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
22702658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22712658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
22722658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
22732658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
22742658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
22752658.318: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
22762658.318: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
22772658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22782658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22792658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22802658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22812658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22822658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22832658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22842658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22852658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22862658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22872658.318: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22882658.318: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
22892658.318: supR3HardenedDllNotificationCallback: load 00007fffb73c0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
22902658.318: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
22912658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb73c0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
22922658.318: supR3HardenedDllNotificationCallback: Unload 00007fffb73c0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
22932658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
22942658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
22952658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22962658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
22972658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22982658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
22992658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
23002658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
23012658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
23022658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
23032658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
23042658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
23052658.318: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
23062658.318: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
23072658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
23082658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
23092658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
23102658.318: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
23112658.318: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23122658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
23132658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
23142658.318: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
23152658.318: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
23162658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23172658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23182658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23192658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23202658.318: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
23212658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23222658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23232658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23242658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23252658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
23262658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1bc0000 'C:\WINDOWS\System32\crypt32.dll'
23272658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23282658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
23292658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'.
23302658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'.
23312658.318: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
23322658.318: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
23332658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23342658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23352658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
23362658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
23372658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
23382658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
23392658.318: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
23402658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
23412658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
23422658.318: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
23432658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23442658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23452658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23462658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23472658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
23482658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23492658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23502658.318: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
23512658.318: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
23522658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
23532658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
23542658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23552658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23562658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23572658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23582658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
23592658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23602658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23612658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
23622658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
23632658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
23642658.318: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
23652658.318: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
23662658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23672658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23682658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23692658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23702658.318: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23712658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23722658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23732658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23742658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23752658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23762658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23772658.318: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
23782658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23792658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23802658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23812658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23822658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23832658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23842658.318: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23852658.318: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
23862658.318: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
23872658.318: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
23882658.318: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
23892658.318: supR3HardenedDllNotificationCallback: load 00007fffc4a50000 LB 0x00475000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
23902658.318: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
23912658.318: supR3HardenedDllNotificationCallback: load 00007fff8b100000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
23922658.318: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
23932658.318: supR3HardenedDllNotificationCallback: load 00007fff8b5e0000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
23942658.318: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
23952658.318: supR3HardenedDllNotificationCallback: load 00007fffc0620000 LB 0x0003d000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
23962658.318: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
23972658.318: supR3HardenedDllNotificationCallback: load 00007fff665b0000 LB 0x009d7000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
23982658.318: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
23992658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff665b0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
24002658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
24012658.318: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
24022658.318: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24032658.318: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
24042658.318: supR3HardenedDllNotificationCallback: load 00007fffb73c0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
24052658.318: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
24062658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb73c0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
24072658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
24082658.318: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
24092658.318: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24102658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6bdd0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
24112658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
24122658.318: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
24132658.318: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24142658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8b5e0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
24152658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
24162658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
24172658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24182658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24192658.318: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
24202658.318: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
24212658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24222658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24232658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24242658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24252658.318: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24262658.318: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
24272658.318: supR3HardenedDllNotificationCallback: load 00007fffb4da0000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
24282658.318: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
24292658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb4da0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
24302658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
24312658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
24322658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24332658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24342658.318: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
24352658.318: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
24362658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24372658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24382658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24392658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24402658.318: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24412658.318: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
24422658.318: supR3HardenedDllNotificationCallback: load 00007fffb4310000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
24432658.318: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
24442658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb4310000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
24452658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
24462658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
24472658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24482658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24492658.318: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
24502658.318: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
24512658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24522658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24532658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24542658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24552658.318: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24562658.318: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
24572658.318: supR3HardenedDllNotificationCallback: load 00007fffb3ac0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
24582658.318: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
24592658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb3ac0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
24602658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
24612658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
24622658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24632658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24642658.318: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
24652658.318: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
24662658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24672658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24682658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24692658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24702658.318: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24712658.318: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
24722658.318: supR3HardenedDllNotificationCallback: load 00007fffb3a50000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
24732658.318: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
24742658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb3a50000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
24752658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
24762658.3c3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
24772658.3c3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24782658.3c3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
24792658.3c3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24802658.3c3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
24812658.3c3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
24822658.3c3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24832658.3c3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24842658.3c3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
24852658.3c3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
24862658.3c3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24872658.3c3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24882658.3c3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24892658.3c3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24902658.3c3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
24912658.3c3c: supR3HardenedDllNotificationCallback: load 00007fffb3a30000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
24922658.3c3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
24932658.3c3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb3a30000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
24942658.3840: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
24952658.3840: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24962658.3840: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
24972658.3840: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
24982658.3840: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
24992658.3840: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
25002658.3840: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
25012658.3840: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25022658.3840: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25032658.3840: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
25042658.3840: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
25052658.3840: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25062658.3840: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
25072658.3840: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
25082658.3840: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25092658.3840: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25102658.3840: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25112658.3840: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
25122658.3840: supR3HardenedDllNotificationCallback: load 00007fffb3d70000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
25132658.3840: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
25142658.3840: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb3d70000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
25152658.3de8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
25162658.3de8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25172658.3de8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
25182658.3de8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25192658.3de8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
25202658.3de8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
25212658.3de8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25222658.3de8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25232658.3de8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
25242658.3de8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
25252658.3de8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25262658.3de8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25272658.3de8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25282658.3de8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
25292658.3de8: supR3HardenedDllNotificationCallback: load 00007fffb3ab0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
25302658.3de8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
25312658.3de8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb3ab0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
25322658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
25332658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0480000 'C:\WINDOWS\system32\rsaenh.dll'
25342658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25352658.318: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25362658.318: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
25372658.318: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
25382658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25392658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25402658.318: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25412658.318: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25422658.318: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25432658.318: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
25442658.318: supR3HardenedDllNotificationCallback: load 00007fffbc760000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
25452658.318: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
25462658.318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffbc760000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy