VirtualBox

Ticket #18833: VBoxHardening.log

File VBoxHardening.log, 146.1 KB (added by erjefe, 5 years ago)
Line 
1f08.2c2c: Log file opened: 6.0.10r132072 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa047ba00
2f08.2c2c: \SystemRoot\System32\ntdll.dll:
3f08.2c2c: CreationTime: 2019-08-12T16:35:23.406032200Z
4f08.2c2c: LastWriteTime: 2019-08-12T16:35:23.452931000Z
5f08.2c2c: ChangeTime: 2019-08-12T16:05:53.357206900Z
6f08.2c2c: FileAttributes: 0x20
7f08.2c2c: Size: 0x1e8320
8f08.2c2c: NT Headers: 0xd8
9f08.2c2c: Timestamp: 0xc00f8a30
10f08.2c2c: Machine: 0x8664 - amd64
11f08.2c2c: Timestamp: 0xc00f8a30
12f08.2c2c: Image Version: 10.0
13f08.2c2c: SizeOfImage: 0x1f0000 (2031616)
14f08.2c2c: Resource Dir: 0x17f000 LB 0x6f1d8
15f08.2c2c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16f08.2c2c: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17f08.2c2c: ProductName: Microsoft® Windows® Operating System
18f08.2c2c: ProductVersion: 10.0.18362.267
19f08.2c2c: FileVersion: 10.0.18362.267 (WinBuild.160101.0800)
20f08.2c2c: FileDescription: NT Layer DLL
21f08.2c2c: \SystemRoot\System32\kernel32.dll:
22f08.2c2c: CreationTime: 2019-08-12T16:35:08.787750000Z
23f08.2c2c: LastWriteTime: 2019-08-12T16:35:08.803371900Z
24f08.2c2c: ChangeTime: 2019-08-12T16:05:53.247857000Z
25f08.2c2c: FileAttributes: 0x20
26f08.2c2c: Size: 0xb0498
27f08.2c2c: NT Headers: 0xe8
28f08.2c2c: Timestamp: 0xd12f214a
29f08.2c2c: Machine: 0x8664 - amd64
30f08.2c2c: Timestamp: 0xd12f214a
31f08.2c2c: Image Version: 10.0
32f08.2c2c: SizeOfImage: 0xb2000 (729088)
33f08.2c2c: Resource Dir: 0xb0000 LB 0x520
34f08.2c2c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35f08.2c2c: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36f08.2c2c: ProductName: Microsoft® Windows® Operating System
37f08.2c2c: ProductVersion: 10.0.18362.86
38f08.2c2c: FileVersion: 10.0.18362.86 (WinBuild.160101.0800)
39f08.2c2c: FileDescription: Windows NT BASE API Client DLL
40f08.2c2c: \SystemRoot\System32\KernelBase.dll:
41f08.2c2c: CreationTime: 2019-08-12T16:35:23.906051800Z
42f08.2c2c: LastWriteTime: 2019-08-12T16:35:23.952919500Z
43f08.2c2c: ChangeTime: 2019-08-12T16:05:53.294744200Z
44f08.2c2c: FileAttributes: 0x20
45f08.2c2c: Size: 0x2a2d08
46f08.2c2c: NT Headers: 0x100
47f08.2c2c: Timestamp: 0xf09944f9
48f08.2c2c: Machine: 0x8664 - amd64
49f08.2c2c: Timestamp: 0xf09944f9
50f08.2c2c: Image Version: 10.0
51f08.2c2c: SizeOfImage: 0x2a3000 (2764800)
52f08.2c2c: Resource Dir: 0x27d000 LB 0x548
53f08.2c2c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54f08.2c2c: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
55f08.2c2c: ProductName: Microsoft® Windows® Operating System
56f08.2c2c: ProductVersion: 10.0.18362.267
57f08.2c2c: FileVersion: 10.0.18362.267 (WinBuild.160101.0800)
58f08.2c2c: FileDescription: Windows NT BASE API Client DLL
59f08.2c2c: \SystemRoot\System32\apisetschema.dll:
60f08.2c2c: CreationTime: 2019-03-19T04:43:54.837151500Z
61f08.2c2c: LastWriteTime: 2019-03-19T04:43:54.837151500Z
62f08.2c2c: ChangeTime: 2019-08-12T16:36:17.405223300Z
63f08.2c2c: FileAttributes: 0x20
64f08.2c2c: Size: 0x1d028
65f08.2c2c: NT Headers: 0xc8
66f08.2c2c: Timestamp: 0xd6ced080
67f08.2c2c: Machine: 0x8664 - amd64
68f08.2c2c: Timestamp: 0xd6ced080
69f08.2c2c: Image Version: 10.0
70f08.2c2c: SizeOfImage: 0x1e000 (122880)
71f08.2c2c: Resource Dir: 0x1d000 LB 0x408
72f08.2c2c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73f08.2c2c: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
74f08.2c2c: ProductName: Microsoft® Windows® Operating System
75f08.2c2c: ProductVersion: 10.0.18362.1
76f08.2c2c: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
77f08.2c2c: FileDescription: ApiSet Schema DLL
78f08.2c2c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
79f08.2c2c: supR3HardenedWinFindAdversaries: 0x0
80f08.2c2c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
81f08.2c2c: Calling main()
82f08.2c2c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
83f08.2c2c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
84f08.2c2c: SUPR3HardenedMain: Respawn #1
85f08.2c2c: System32: \Device\HarddiskVolume4\Windows\System32
86f08.2c2c: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
87f08.2c2c: KnownDllPath: C:\WINDOWS\System32
88f08.2c2c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
89f08.2c2c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
90f08.2c2c: supR3HardNtEnableThreadCreation:
91f08.2c2c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffeb5ed1790 pvNtTerminateThread=00007ffeb5efcab0
92f08.2c2c: supR3HardenedWinDoReSpawn(1): New child 3950.241c [kernel32].
93f08.2c2c: supR3HardNtChildGatherData: PebBaseAddress=0000000000602000 cbPeb=0x388
94f08.2c2c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffeb5e60000 uNtDllChildAddr=00007ffeb5e60000
95f08.2c2c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffeb5ed1790
96f08.2c2c: supR3HardenedWinSetupChildInit: Start child.
97f08.2c2c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
98f08.2c2c: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 20 sleeps
99f08.2c2c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
100f08.2c2c: *0000000000000000-00000000005cffff 0x0001/0x0000 0x0000000
101f08.2c2c: *00000000005d0000-00000000005effff 0x0004/0x0004 0x0020000
102f08.2c2c: *00000000005f0000-00000000005f3fff 0x0002/0x0002 0x0040000
103f08.2c2c: 00000000005f4000-00000000005fffff 0x0001/0x0000 0x0000000
104f08.2c2c: *0000000000600000-0000000000601fff 0x0000/0x0004 0x0020000
105f08.2c2c: 0000000000602000-0000000000604fff 0x0004/0x0004 0x0020000
106f08.2c2c: 0000000000605000-00000000007fffff 0x0000/0x0004 0x0020000
107f08.2c2c: *0000000000800000-000000000081afff 0x0002/0x0002 0x0040000
108f08.2c2c: 000000000081b000-000000000081ffff 0x0001/0x0000 0x0000000
109f08.2c2c: *0000000000820000-000000000091afff 0x0000/0x0004 0x0020000
110f08.2c2c: 000000000091b000-000000000091dfff 0x0104/0x0004 0x0020000
111f08.2c2c: 000000000091e000-000000000091ffff 0x0004/0x0004 0x0020000
112f08.2c2c: *0000000000920000-0000000000921fff 0x0004/0x0004 0x0020000
113f08.2c2c: 0000000000922000-000000007ffdffff 0x0001/0x0000 0x0000000
114f08.2c2c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
115f08.2c2c: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
116f08.2c2c: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
117f08.2c2c: 000000007ffe6000-00007ff585afffff 0x0001/0x0000 0x0000000
118f08.2c2c: *00007ff585b00000-00007ff585b00fff 0x0002/0x0002 0x0040000
119f08.2c2c: 00007ff585b01000-00007ff585b0ffff 0x0001/0x0000 0x0000000
120f08.2c2c: *00007ff585b10000-00007ff585b32fff 0x0002/0x0002 0x0040000
121f08.2c2c: 00007ff585b33000-00007ff7ad9cffff 0x0001/0x0000 0x0000000
122f08.2c2c: *00007ff7ad9d0000-00007ff7ad9d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
123f08.2c2c: 00007ff7ad9d1000-00007ff7ada45fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
124f08.2c2c: 00007ff7ada46000-00007ff7ada46fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
125f08.2c2c: 00007ff7ada47000-00007ff7ada8dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
126f08.2c2c: 00007ff7ada8e000-00007ff7ada8efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
127f08.2c2c: 00007ff7ada8f000-00007ff7ada8ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
128f08.2c2c: 00007ff7ada90000-00007ff7ada94fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
129f08.2c2c: 00007ff7ada95000-00007ff7ada95fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
130f08.2c2c: 00007ff7ada96000-00007ff7ada96fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
131f08.2c2c: 00007ff7ada97000-00007ff7ada9afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
132f08.2c2c: 00007ff7ada9b000-00007ff7adae3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
133f08.2c2c: 00007ff7adae4000-00007ffeb5e5ffff 0x0001/0x0000 0x0000000
134f08.2c2c: *00007ffeb5e60000-00007ffeb5e60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
135f08.2c2c: 00007ffeb5e61000-00007ffeb5f77fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
136f08.2c2c: 00007ffeb5f78000-00007ffeb5fbefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
137f08.2c2c: 00007ffeb5fbf000-00007ffeb5fcafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
138f08.2c2c: 00007ffeb5fcb000-00007ffeb5fd9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
139f08.2c2c: 00007ffeb5fda000-00007ffeb5fdafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
140f08.2c2c: 00007ffeb5fdb000-00007ffeb5fddfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
141f08.2c2c: 00007ffeb5fde000-00007ffeb604ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
142f08.2c2c: 00007ffeb6050000-00007ffffffeffff 0x0001/0x0000 0x0000000
143f08.2c2c: VirtualBoxVM.exe: timestamp 0x5d284665 (rc=VINF_SUCCESS)
144f08.2c2c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
145f08.2c2c: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
146f08.2c2c: supR3HardNtChildPurify: Done after 287 ms and 0 fixes (loop #0).
1473950.241c: Log file opened: 6.0.10r132072 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
1483950.241c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffeb5e60000 g_uNtVerCombined=0xa047ba00
149f08.2c2c: supR3HardNtEnableThreadCreation:
1503950.241c: ntdll.dll: timestamp 0xc00f8a30 (rc=VINF_SUCCESS)
1513950.241c: New simple heap: #1 0000000000a30000 LB 0x400000 (for 2031616 allocation)
1523950.241c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1533950.241c: System32: \Device\HarddiskVolume4\Windows\System32
1543950.241c: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
1553950.241c: KnownDllPath: C:\WINDOWS\System32
1563950.241c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1573950.241c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1583950.241c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1593950.241c: Registered Dll notification callback with NTDLL.
1603950.241c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
1613950.241c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1623950.241c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
1633950.241c: supR3HardenedDllNotificationCallback: load 00007ffeb2ec0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
1643950.241c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
1653950.241c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
1663950.241c: supR3HardenedDllNotificationCallback: load 00007ffeb5070000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
1673950.241c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1683950.241c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb5070000 'C:\WINDOWS\System32\KERNEL32.DLL'
1693950.241c: supR3HardenedDllNotificationCallback: load 00007ff7ad9d0000 LB 0x00114000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
1703950.241c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1713950.241c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1723950.241c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1733950.241c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffeb5ed1790 pvNtTerminateThread=00007ffeb5efcab0
174f08.2c2c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 73 ms.
1753950.241c: \SystemRoot\System32\ntdll.dll:
1763950.241c: CreationTime: 2019-08-12T16:35:23.406032200Z
1773950.241c: LastWriteTime: 2019-08-12T16:35:23.452931000Z
1783950.241c: ChangeTime: 2019-08-12T16:05:53.357206900Z
1793950.241c: FileAttributes: 0x20
1803950.241c: Size: 0x1e8320
1813950.241c: NT Headers: 0xd8
1823950.241c: Timestamp: 0xc00f8a30
1833950.241c: Machine: 0x8664 - amd64
1843950.241c: Timestamp: 0xc00f8a30
1853950.241c: Image Version: 10.0
1863950.241c: SizeOfImage: 0x1f0000 (2031616)
1873950.241c: Resource Dir: 0x17f000 LB 0x6f1d8
1883950.241c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1893950.241c: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1903950.241c: ProductName: Microsoft® Windows® Operating System
1913950.241c: ProductVersion: 10.0.18362.267
1923950.241c: FileVersion: 10.0.18362.267 (WinBuild.160101.0800)
1933950.241c: FileDescription: NT Layer DLL
1943950.241c: \SystemRoot\System32\kernel32.dll:
1953950.241c: CreationTime: 2019-08-12T16:35:08.787750000Z
1963950.241c: LastWriteTime: 2019-08-12T16:35:08.803371900Z
1973950.241c: ChangeTime: 2019-08-12T16:05:53.247857000Z
1983950.241c: FileAttributes: 0x20
1993950.241c: Size: 0xb0498
2003950.241c: NT Headers: 0xe8
2013950.241c: Timestamp: 0xd12f214a
2023950.241c: Machine: 0x8664 - amd64
2033950.241c: Timestamp: 0xd12f214a
2043950.241c: Image Version: 10.0
2053950.241c: SizeOfImage: 0xb2000 (729088)
2063950.241c: Resource Dir: 0xb0000 LB 0x520
2073950.241c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2083950.241c: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2093950.241c: ProductName: Microsoft® Windows® Operating System
2103950.241c: ProductVersion: 10.0.18362.86
2113950.241c: FileVersion: 10.0.18362.86 (WinBuild.160101.0800)
2123950.241c: FileDescription: Windows NT BASE API Client DLL
2133950.241c: \SystemRoot\System32\KernelBase.dll:
2143950.241c: CreationTime: 2019-08-12T16:35:23.906051800Z
2153950.241c: LastWriteTime: 2019-08-12T16:35:23.952919500Z
2163950.241c: ChangeTime: 2019-08-12T16:05:53.294744200Z
2173950.241c: FileAttributes: 0x20
2183950.241c: Size: 0x2a2d08
2193950.241c: NT Headers: 0x100
2203950.241c: Timestamp: 0xf09944f9
2213950.241c: Machine: 0x8664 - amd64
2223950.241c: Timestamp: 0xf09944f9
2233950.241c: Image Version: 10.0
2243950.241c: SizeOfImage: 0x2a3000 (2764800)
2253950.241c: Resource Dir: 0x27d000 LB 0x548
2263950.241c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2273950.241c: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
2283950.241c: ProductName: Microsoft® Windows® Operating System
2293950.241c: ProductVersion: 10.0.18362.267
2303950.241c: FileVersion: 10.0.18362.267 (WinBuild.160101.0800)
2313950.241c: FileDescription: Windows NT BASE API Client DLL
2323950.241c: \SystemRoot\System32\apisetschema.dll:
2333950.241c: CreationTime: 2019-03-19T04:43:54.837151500Z
2343950.241c: LastWriteTime: 2019-03-19T04:43:54.837151500Z
2353950.241c: ChangeTime: 2019-08-12T16:36:17.405223300Z
2363950.241c: FileAttributes: 0x20
2373950.241c: Size: 0x1d028
2383950.241c: NT Headers: 0xc8
2393950.241c: Timestamp: 0xd6ced080
2403950.241c: Machine: 0x8664 - amd64
2413950.241c: Timestamp: 0xd6ced080
2423950.241c: Image Version: 10.0
2433950.241c: SizeOfImage: 0x1e000 (122880)
2443950.241c: Resource Dir: 0x1d000 LB 0x408
2453950.241c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2463950.241c: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
2473950.241c: ProductName: Microsoft® Windows® Operating System
2483950.241c: ProductVersion: 10.0.18362.1
2493950.241c: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
2503950.241c: FileDescription: ApiSet Schema DLL
2513950.241c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2523950.241c: supR3HardenedWinFindAdversaries: 0x0
2533950.241c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2543950.241c: Calling main()
2553950.241c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
2563950.241c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2573950.241c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2583950.241c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
2593950.241c: SUPR3HardenedMain: Respawn #2
2603950.241c: supR3HardNtEnableThreadCreation:
2613950.241c: supR3HardenedDllNotificationCallback: load 00007ffeb5350000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
2623950.241c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
2633950.241c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
2643950.241c: supR3HardenedDllNotificationCallback: load 00007ffeb5130000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
2653950.241c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
2663950.241c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
2673950.241c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
2683950.241c: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
2693950.241c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
2703950.241c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2713950.241c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2723950.241c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2733950.241c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
2743950.241c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2753950.241c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb5e60000 'C:\WINDOWS\System32\ntdll.dll'
2763950.241c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffeb5ed1790 pvNtTerminateThread=00007ffeb5efcab0
2773950.241c: supR3HardenedWinDoReSpawn(2): New child 1d48.548 [kernel32].
2783950.241c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
2793950.241c: supR3HardNtChildGatherData: PebBaseAddress=0000000000eb4000 cbPeb=0x388
2803950.241c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffeb5e60000 uNtDllChildAddr=00007ffeb5e60000
2813950.241c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffeb5ed1790
2823950.241c: supR3HardenedWinSetupChildInit: Start child.
2833950.241c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
2843950.241c: supR3HardNtChildPurify: Startup delay kludge #1/0: 268 ms, 26 sleeps
2853950.241c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2863950.241c: *0000000000000000-0000000000c1ffff 0x0001/0x0000 0x0000000
2873950.241c: *0000000000c20000-0000000000c3ffff 0x0004/0x0004 0x0020000
2883950.241c: *0000000000c40000-0000000000c5afff 0x0002/0x0002 0x0040000
2893950.241c: 0000000000c5b000-0000000000c5ffff 0x0001/0x0000 0x0000000
2903950.241c: *0000000000c60000-0000000000d5afff 0x0000/0x0004 0x0020000
2913950.241c: 0000000000d5b000-0000000000d5dfff 0x0104/0x0004 0x0020000
2923950.241c: 0000000000d5e000-0000000000d5ffff 0x0004/0x0004 0x0020000
2933950.241c: *0000000000d60000-0000000000d63fff 0x0002/0x0002 0x0040000
2943950.241c: 0000000000d64000-0000000000d6ffff 0x0001/0x0000 0x0000000
2953950.241c: *0000000000d70000-0000000000d71fff 0x0004/0x0004 0x0020000
2963950.241c: 0000000000d72000-0000000000dfffff 0x0001/0x0000 0x0000000
2973950.241c: *0000000000e00000-0000000000eb3fff 0x0000/0x0004 0x0020000
2983950.241c: 0000000000eb4000-0000000000eb6fff 0x0004/0x0004 0x0020000
2993950.241c: 0000000000eb7000-0000000000ffffff 0x0000/0x0004 0x0020000
3003950.241c: 0000000001000000-000000007ffdffff 0x0001/0x0000 0x0000000
3013950.241c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
3023950.241c: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
3033950.241c: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
3043950.241c: 000000007ffe6000-00007ff564d6ffff 0x0001/0x0000 0x0000000
3053950.241c: *00007ff564d70000-00007ff564d70fff 0x0002/0x0002 0x0040000
3063950.241c: 00007ff564d71000-00007ff564d7ffff 0x0001/0x0000 0x0000000
3073950.241c: *00007ff564d80000-00007ff564da2fff 0x0002/0x0002 0x0040000
3083950.241c: 00007ff564da3000-00007ff7ad9cffff 0x0001/0x0000 0x0000000
3093950.241c: *00007ff7ad9d0000-00007ff7ad9d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3103950.241c: 00007ff7ad9d1000-00007ff7ada45fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3113950.241c: 00007ff7ada46000-00007ff7ada46fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3123950.241c: 00007ff7ada47000-00007ff7ada8dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3133950.241c: 00007ff7ada8e000-00007ff7ada8efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3143950.241c: 00007ff7ada8f000-00007ff7ada8ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3153950.241c: 00007ff7ada90000-00007ff7ada94fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3163950.241c: 00007ff7ada95000-00007ff7ada95fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3173950.241c: 00007ff7ada96000-00007ff7ada96fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3183950.241c: 00007ff7ada97000-00007ff7ada9afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3193950.241c: 00007ff7ada9b000-00007ff7adae3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3203950.241c: 00007ff7adae4000-00007ffeb5e5ffff 0x0001/0x0000 0x0000000
3213950.241c: *00007ffeb5e60000-00007ffeb5e60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3223950.241c: 00007ffeb5e61000-00007ffeb5f77fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3233950.241c: 00007ffeb5f78000-00007ffeb5fbefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3243950.241c: 00007ffeb5fbf000-00007ffeb5fcafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3253950.241c: 00007ffeb5fcb000-00007ffeb5fd9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3263950.241c: 00007ffeb5fda000-00007ffeb5fdafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3273950.241c: 00007ffeb5fdb000-00007ffeb5fddfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3283950.241c: 00007ffeb5fde000-00007ffeb604ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3293950.241c: 00007ffeb6050000-00007ffffffeffff 0x0001/0x0000 0x0000000
3303950.241c: VirtualBoxVM.exe: timestamp 0x5d284665 (rc=VINF_SUCCESS)
3313950.241c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3323950.241c: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
3333950.241c: supR3HardNtChildPurify: Done after 284 ms and 0 fixes (loop #0).
3341d48.548: Log file opened: 6.0.10r132072 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
3351d48.548: supR3HardenedVmProcessInit: uNtDllAddr=00007ffeb5e60000 g_uNtVerCombined=0xa047ba00
3363950.241c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a30000 LB 0x400000)
3371d48.548: ntdll.dll: timestamp 0xc00f8a30 (rc=VINF_SUCCESS)
3381d48.548: New simple heap: #1 0000000001100000 LB 0x400000 (for 2031616 allocation)
3393950.241c: supR3HardNtEnableThreadCreation:
3401d48.548: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3411d48.548: System32: \Device\HarddiskVolume4\Windows\System32
3421d48.548: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
3431d48.548: KnownDllPath: C:\WINDOWS\System32
3441d48.548: supR3HardenedVmProcessInit: Opening vboxdrv...
3451d48.548: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3461d48.548: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3471d48.548: Registered Dll notification callback with NTDLL.
3481d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
3491d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
3501d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3511d48.548: supR3HardenedDllNotificationCallback: load 00007ffeb2ec0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
3521d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
3531d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
3541d48.548: supR3HardenedDllNotificationCallback: load 00007ffeb5070000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
3551d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3561d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb5070000 'C:\WINDOWS\System32\KERNEL32.DLL'
3571d48.548: supR3HardenedDllNotificationCallback: load 00007ff7ad9d0000 LB 0x00114000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
3581d48.548: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3591d48.548: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3601d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3611d48.548: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffeb5ed1790 pvNtTerminateThread=00007ffeb5efcab0
3623950.241c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 78 ms.
3631d48.548: \SystemRoot\System32\ntdll.dll:
3641d48.548: CreationTime: 2019-08-12T16:35:23.406032200Z
3651d48.548: LastWriteTime: 2019-08-12T16:35:23.452931000Z
3661d48.548: ChangeTime: 2019-08-12T16:05:53.357206900Z
3671d48.548: FileAttributes: 0x20
3681d48.548: Size: 0x1e8320
3691d48.548: NT Headers: 0xd8
3701d48.548: Timestamp: 0xc00f8a30
3711d48.548: Machine: 0x8664 - amd64
3721d48.548: Timestamp: 0xc00f8a30
3731d48.548: Image Version: 10.0
3741d48.548: SizeOfImage: 0x1f0000 (2031616)
3751d48.548: Resource Dir: 0x17f000 LB 0x6f1d8
3761d48.548: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3771d48.548: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
3781d48.548: ProductName: Microsoft® Windows® Operating System
3791d48.548: ProductVersion: 10.0.18362.267
3801d48.548: FileVersion: 10.0.18362.267 (WinBuild.160101.0800)
3811d48.548: FileDescription: NT Layer DLL
3821d48.548: \SystemRoot\System32\kernel32.dll:
3831d48.548: CreationTime: 2019-08-12T16:35:08.787750000Z
3841d48.548: LastWriteTime: 2019-08-12T16:35:08.803371900Z
3851d48.548: ChangeTime: 2019-08-12T16:05:53.247857000Z
3861d48.548: FileAttributes: 0x20
3871d48.548: Size: 0xb0498
3881d48.548: NT Headers: 0xe8
3891d48.548: Timestamp: 0xd12f214a
3901d48.548: Machine: 0x8664 - amd64
3911d48.548: Timestamp: 0xd12f214a
3921d48.548: Image Version: 10.0
3931d48.548: SizeOfImage: 0xb2000 (729088)
3941d48.548: Resource Dir: 0xb0000 LB 0x520
3951d48.548: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3961d48.548: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3971d48.548: ProductName: Microsoft® Windows® Operating System
3981d48.548: ProductVersion: 10.0.18362.86
3991d48.548: FileVersion: 10.0.18362.86 (WinBuild.160101.0800)
4001d48.548: FileDescription: Windows NT BASE API Client DLL
4011d48.548: \SystemRoot\System32\KernelBase.dll:
4021d48.548: CreationTime: 2019-08-12T16:35:23.906051800Z
4031d48.548: LastWriteTime: 2019-08-12T16:35:23.952919500Z
4041d48.548: ChangeTime: 2019-08-12T16:05:53.294744200Z
4051d48.548: FileAttributes: 0x20
4061d48.548: Size: 0x2a2d08
4071d48.548: NT Headers: 0x100
4081d48.548: Timestamp: 0xf09944f9
4091d48.548: Machine: 0x8664 - amd64
4101d48.548: Timestamp: 0xf09944f9
4111d48.548: Image Version: 10.0
4121d48.548: SizeOfImage: 0x2a3000 (2764800)
4131d48.548: Resource Dir: 0x27d000 LB 0x548
4141d48.548: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4151d48.548: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
4161d48.548: ProductName: Microsoft® Windows® Operating System
4171d48.548: ProductVersion: 10.0.18362.267
4181d48.548: FileVersion: 10.0.18362.267 (WinBuild.160101.0800)
4191d48.548: FileDescription: Windows NT BASE API Client DLL
4201d48.548: \SystemRoot\System32\apisetschema.dll:
4211d48.548: CreationTime: 2019-03-19T04:43:54.837151500Z
4221d48.548: LastWriteTime: 2019-03-19T04:43:54.837151500Z
4231d48.548: ChangeTime: 2019-08-12T16:36:17.405223300Z
4241d48.548: FileAttributes: 0x20
4251d48.548: Size: 0x1d028
4261d48.548: NT Headers: 0xc8
4271d48.548: Timestamp: 0xd6ced080
4281d48.548: Machine: 0x8664 - amd64
4291d48.548: Timestamp: 0xd6ced080
4301d48.548: Image Version: 10.0
4311d48.548: SizeOfImage: 0x1e000 (122880)
4321d48.548: Resource Dir: 0x1d000 LB 0x408
4331d48.548: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4341d48.548: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
4351d48.548: ProductName: Microsoft® Windows® Operating System
4361d48.548: ProductVersion: 10.0.18362.1
4371d48.548: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
4381d48.548: FileDescription: ApiSet Schema DLL
4391d48.548: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4401d48.548: supR3HardenedWinFindAdversaries: 0x0
4411d48.548: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4421d48.548: Calling main()
4431d48.548: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
4441d48.548: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4451d48.548: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
4461d48.548: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
4471d48.548: SUPR3HardenedMain: Final process, opening VBoxDrv...
4481d48.548: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001100000 LB 0x400000)
4491d48.548: supR3HardNtEnableThreadCreation:
4501d48.548: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
4511d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
4521d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4531d48.548: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4541d48.548: supR3HardenedDllNotificationCallback: load 00007ffea6f10000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
4551d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4561d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4571d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4581d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea6f10000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4591d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4601d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4611d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea6f10000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4621d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea6f10000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4631d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4641d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
4651d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
4661d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
4671d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
4681d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
4691d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4701d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4711d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
4721d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
4731d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
4741d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
4751d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'.
4761d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
4771d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
4781d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4791d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4801d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
4811d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
4821d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4831d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4841d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
4851d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
4861d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4871d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4881d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4891d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4901d48.548: supR3HardenedDllNotificationCallback: load 00007ffeb4d20000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
4911d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4921d48.548: supR3HardenedDllNotificationCallback: load 00007ffeb2dd0000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
4931d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4941d48.548: supR3HardenedDllNotificationCallback: load 00007ffeb3270000 LB 0x000fa000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
4951d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
4961d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
4971d48.548: supR3HardenedDllNotificationCallback: load 00007ffeb3cb0000 LB 0x00149000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
4981d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
4991d48.548: supR3HardenedDllNotificationCallback: load 00007ffeb5350000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
5001d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5011d48.548: supR3HardenedDllNotificationCallback: load 00007ffeb3e00000 LB 0x0005c000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
5021d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5031d48.548: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
5041d48.548: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5051d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2ec0000 'api-ms-win-core-synch-l1-2-0'
5061d48.548: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
5071d48.548: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5081d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2ec0000 'api-ms-win-core-fibers-l1-1-1'
5091d48.548: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
5101d48.548: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5111d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2ec0000 'api-ms-win-core-fibers-l1-1-1'
5121d48.548: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
5131d48.548: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5141d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2ec0000 'api-ms-win-core-synch-l1-2-0'
5151d48.548: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
5161d48.548: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5171d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2ec0000 'api-ms-win-core-localization-l1-2-1'
5181d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3e00000 'C:\WINDOWS\system32\Wintrust.dll'
5191d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
5201d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
5211d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5221d48.548: supR3HardenedDllNotificationCallback: load 00007ffeb3170000 LB 0x00026000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
5231d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5241d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3170000 'C:\WINDOWS\system32\bcrypt.dll'
5251d48.548: bcrypt.dll loaded at 00007ffeb3170000, BCryptOpenAlgorithmProvider at 00007ffeb3174c70, preloading providers:
5261d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
5271d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
5281d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5291d48.548: supR3HardenedDllNotificationCallback: load 00007ffeb31f0000 LB 0x00080000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
5301d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5311d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb31f0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
5321d48.548: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000151a3c0)
5331d48.548: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000151a780)
5341d48.548: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000015209c0)
5351d48.548: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000001520cc0)
5361d48.548: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000001520fc0)
5371d48.548: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000015212c0)
5381d48.548: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000015215c0)
5391d48.548: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000015218c0)
5401d48.548: supR3HardenedDllNotificationCallback: load 00007ffeb3370000 LB 0x00017000 C:\WINDOWS\System32\CRYPTSP.dll [fFlags=0x0]
5411d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
5421d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
5431d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
5441d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
5451d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
5461d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5471d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5481d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5491d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5501d48.548: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5511d48.548: supR3HardenedDllNotificationCallback: load 00007ffeb2110000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
5521d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5531d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
5541d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
5551d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
5561d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
5571d48.548: supR3HardenedDllNotificationCallback: load 00007ffeb2770000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
5581d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5591d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5601d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
5611d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
5621d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5631d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5641d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb5070000 'C:\WINDOWS\System32\kernel32.dll'
5651d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5661d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5671d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3e00000 'C:\WINDOWS\System32\WINTRUST.DLL'
5681d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5691d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5701d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\CRYPT32.dll'
5711d48.548: supR3HardenedDllNotificationCallback: load 00007ffeb52d0000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
5721d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
5731d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
5741d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
5751d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5761d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5771d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5781d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5791d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5801d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
5811d48.548: supR3HardenedDllNotificationCallback: load 00007ffeb5130000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
5821d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
5831d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
5841d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
5851d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5861d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
5871d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
5881d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
5891d48.548: supR3HardenedDllNotificationCallback: load 00007ffeb1950000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
5901d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
5911d48.548: supR3HardenedDllNotificationCallback: load 00007ffeb2db0000 LB 0x0001f000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
5921d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
5931d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
5941d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5951d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
5961d48.548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
5971d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
5981d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
5991d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6001d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6011d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6021d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6031d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6041d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6051d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6061d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6071d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6081d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6091d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6101d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6111d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6121d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6131d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6141d48.548: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6151d48.548: supR3HardenedDllNotificationCallback: load 00007ffeab2e0000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
6161d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6171d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6181d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6191d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeab2e0000 'C:\WINDOWS\System32\cryptnet.dll'
6201d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6211d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6221d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeab2e0000 'C:\WINDOWS\System32\cryptnet.dll'
6231d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6241d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6251d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeab2e0000 'C:\WINDOWS\System32\cryptnet.dll'
6261d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6271d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6281d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeab2e0000 'C:\WINDOWS\System32\cryptnet.dll'
6291d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6301d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6311d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeab2e0000 'C:\WINDOWS\System32\cryptnet.dll'
6321d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6331d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6341d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeab2e0000 'C:\WINDOWS\System32\cryptnet.dll'
6351d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6361d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeab2e0000 'C:\WINDOWS\System32\cryptnet.dll'
6371d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6381d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeab2e0000 'C:\WINDOWS\System32\cryptnet.dll'
6391d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6401d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeab2e0000 'C:\WINDOWS\System32\cryptnet.dll'
6411d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6421d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeab2e0000 'C:\WINDOWS\System32\cryptnet.dll'
6431d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6441d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeab2e0000 'C:\WINDOWS\System32\cryptnet.dll'
6451d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeab2e0000 'C:\WINDOWS\System32\cryptnet.dll'
6461d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6471d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeab2e0000 'C:\Windows\System32\cryptnet.dll'
6481d48.548: supR3HardenedDllNotificationCallback: load 00007ffeb4c70000 LB 0x000a3000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
6491d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6501d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
6511d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
6521d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
6531d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
6541d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6551d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6561d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6571d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6581d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
6591d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
6601d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
6611d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6621d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6631d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6641d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6651d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
6661d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6671d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6681d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
6691d48.548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
6701d48.548: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000159c080
6711d48.548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000159c080
6721d48.548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=59683E4892ADEA0047CF84A192D2577B929A672F
6731d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6741d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6751d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb5350000 'C:\WINDOWS\System32\rpcrt4.dll'
6761d48.548: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
6771d48.548: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000159bd80
6781d48.548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000159bd80
6791d48.548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=0ECA326FD5A1C75944CB6DF891C02ADCE8E4E2C398028F4972E601EA278F78ED
6801d48.548: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
6811d48.548: g_pfnWinVerifyTrust=00007ffeb3e061f0
6821d48.548: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
6831d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6841d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6851d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
6861d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6871d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6881d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
6891d48.548: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
6901d48.548: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
6911d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6921d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6931d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
6941d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
6951d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6961d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
6971d48.548: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
6981d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6991d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7001d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
7011d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
7021d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7031d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
7041d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
7051d48.548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000398 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
7061d48.548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000159c080
7071d48.548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000159c080
7081d48.548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09032EBC3D9D9BDDC0EE4A6463C043296B79FF20
7091d48.548: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
7101d48.548: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000159b6c0
7111d48.548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000159b6c0
7121d48.548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09032EBC3D9D9BDDC0EE4A6463C043296B79FF20
7131d48.548: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
7141d48.548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000159bd80
7151d48.548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000159bd80
7161d48.548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=22186588BDA4845FA9E0DBF8BEA457D094106A66CEA15B5F867FB5BDCE35A45C
7171d48.548: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
7181d48.548: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000159b540
7191d48.548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000159b540
7201d48.548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=22186588BDA4845FA9E0DBF8BEA457D094106A66CEA15B5F867FB5BDCE35A45C
7211d48.548: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
7221d48.548: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
7231d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
7241d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7251d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7261d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
7271d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
7281d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
7291d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7301d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
7311d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
7321d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
7331d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7341d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
7351d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
7361d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
7371d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7381d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
7391d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
7401d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
7411d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7421d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
7431d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
7441d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
7451d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7461d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
7471d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
7481d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
7491d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
7501d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
7511d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
7521d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
7531d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
7541d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7551d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
7561d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
7571d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
7581d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7591d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
7601d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
7611d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
7621d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
7631d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
7641d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
7651d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
7661d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
7671d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
7681d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
7691d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
7701d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
7711d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
7721d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
7731d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
7741d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
7751d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
7761d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
7771d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
7781d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
7791d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
7801d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
7811d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
7821d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
7831d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
7841d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\system32\crypt32.dll'
7851d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0x2d281fd08c6e8eb3 CN=WZT
7861d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
7871d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
7881d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
7891d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
7901d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
7911d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0x720c5d4a3e14c300 C=DE, O=Siemens AG, OU=DF, CN=Siemens Automation CA 2016
7921d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
7931d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0xc84306d0aa2f6fc2 CN=Siemens.WinCC.AdHocSigner
7941d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
7951d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
7961d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
7971d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
7981d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0xfc05cb390843c900 C=DE, L=Nuremberg, O=Siemens AG, OU=I IA, CN=Siemens TIA CA V13
7991d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
8001d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
8011d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
8021d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
8031d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
8041d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
8051d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
8061d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
8071d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
8081d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
8091d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
8101d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
8111d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
8121d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
8131d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
8141d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
8151d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
8161d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
8171d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
8181d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
8191d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
8201d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
8211d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
8221d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
8231d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
8241d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
8251d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
8261d48.548: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
8271d48.548: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=42
8281d48.548: SUPR3HardenedMain: Load Runtime...
8291d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
8301d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8311d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
8321d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
8331d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
8341d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
8351d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8361d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
8371d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
8381d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
8391d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
8401d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
8411d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
8421d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
8431d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8441d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8451d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
8461d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
8471d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
8481d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8491d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8501d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
8511d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
8521d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8531d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
8541d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
8551d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8561d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8571d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8581d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8591d48.548: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8601d48.548: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
8611d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
8621d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
8631d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
8641d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
8651d48.548: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8661d48.548: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8671d48.548: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
8681d48.548: supR3HardenedDllNotificationCallback: load 0000000068350000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
8691d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8701d48.548: supR3HardenedDllNotificationCallback: load 00000000677d0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
8711d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
8721d48.548: supR3HardenedDllNotificationCallback: load 00007ffeb51d0000 LB 0x0006f000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
8731d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
8741d48.548: supR3HardenedDllNotificationCallback: load 00007ffe6ed40000 LB 0x005e0000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
8751d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8761d48.548: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8771d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
8781d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8791d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8801d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8811d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8821d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8831d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8841d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8851d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8861d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8871d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8881d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8891d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8901d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8911d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8921d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8931d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8941d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8951d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8961d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8971d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8981d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8991d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9001d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9011d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9021d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9031d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9041d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9051d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9061d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9071d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9081d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9091d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9101d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9111d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9121d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9131d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9141d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9151d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9161d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9171d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9181d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9191d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9201d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9211d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9221d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9231d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9241d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9251d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9261d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe6ed40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9271d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
9281d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9291d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3e00000 'C:\WINDOWS\system32\Wintrust.dll'
9301d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
9311d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
9321d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\system32\crypt32.dll'
9331d48.548: SUPR3HardenedMain: Load TrustedMain...
9341d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
9351d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
9361d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxglobal.dll'.
9371d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
9381d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
9391d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
9401d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
9411d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
9421d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
9431d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
9441d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
9451d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
9461d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
9471d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
9481d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
9491d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
9501d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
9511d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
9521d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
9531d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
9541d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
9551d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
9561d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
9571d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
9581d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
9591d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
9601d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
9611d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9621d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9631d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
9641d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
9651d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
9661d48.548: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
9671d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9681d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
9691d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
9701d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9711d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9721d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
9731d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9741d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
9751d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
9761d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
9771d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
9781d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
9791d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
9801d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
9811d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
9821d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
9831d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9841d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9851d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
9861d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
9871d48.548: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
9881d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
9891d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'bcryptprimitives.dll'.
9901d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
9911d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
9921d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
9931d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
9941d48.548: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
9951d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
9961d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
9971d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
9981d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
9991d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
10001d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10011d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10021d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
10031d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
10041d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
10051d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'.
10061d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'user32.dll'.
10071d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
10081d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
10091d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
10101d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10111d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10121d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
10131d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
10141d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
10151d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10161d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10171d48.548: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
10181d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
10191d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
10201d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
10211d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
10221d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10231d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10241d48.548: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
10251d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'.
10261d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
10271d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
10281d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10291d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10301d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
10311d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
10321d48.548: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
10331d48.548: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
10341d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
10351d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
10361d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10371d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10381d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10391d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
10401d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
10411d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
10421d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
10431d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
10441d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
10451d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
10461d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll) WinVerifyTrust
10471d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
10481d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
10491d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10501d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10511d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10521d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
10531d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
10541d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
10551d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
10561d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
10571d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
10581d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
10591d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
10601d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
10611d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
10621d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
10631d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
10641d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
10651d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
10661d48.548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
10671d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
10681d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
10691d48.548: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
10701d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
10711d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
10721d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
10731d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
10741d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
10751d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
10761d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
10771d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
10781d48.548: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
10791d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
10801d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
10811d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
10821d48.548: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
10831d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
10841d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
10851d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
10861d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
10871d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
10881d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
10891d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
10901d48.548: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
10911d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
10921d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
10931d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
10941d48.548: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
10951d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
10961d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
10971d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
10981d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
10991d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
11001d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
11011d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
11021d48.548: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
11031d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
11041d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11051d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11061d48.548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11071d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11081d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11091d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
11101d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11111d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11121d48.548: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
11131d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'user32.dll'.
11141d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #79 'gdi32.dll'.
11151d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
11161d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
11171d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11181d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11191d48.548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
11201d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
11211d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
11221d48.548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
11231d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11241d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11251d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
11261d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11271d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11281d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11291d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11301d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11311d48.548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11321d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11331d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11341d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
11351d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11361d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11371d48.548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
11381d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11391d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11401d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
11411d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11421d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11431d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11441d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
11451d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
11461d48.548: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
11471d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11481d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
11491d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
11501d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
11511d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
11521d48.548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
11531d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
11541d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11551d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11561d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
11571d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11581d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11591d48.548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11601d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11611d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11621d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
11631d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
11641d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
11651d48.548: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
11661d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll)
11671d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll
11681d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
11691d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
11701d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
11711d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11721d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11731d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
11741d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11751d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11761d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
11771d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11781d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11791d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
11801d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11811d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11821d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
11831d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
11841d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
11851d48.548: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
11861d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11871d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
11881d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
11891d48.548: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
11901d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
11911d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11921d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11931d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11941d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11951d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11961d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
11971d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11981d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11991d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
12001d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12011d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12021d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
12031d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12041d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12051d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12061d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12071d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12081d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
12091d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
12101d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
12111d48.548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
12121d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12131d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12141d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
12151d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12161d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12171d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
12181d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
12191d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
12201d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
12211d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
12221d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
12231d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
12241d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
12251d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
12261d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
12271d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
12281d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
12291d48.548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
12301d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12311d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12321d48.548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12331d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12341d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12351d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
12361d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
12371d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
12381d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
12391d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
12401d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
12411d48.548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
12421d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
12431d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
12441d48.548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
12451d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12461d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12471d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
12481d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12491d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12501d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12511d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
12521d48.548: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
12531d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
12541d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
12551d48.548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
12561d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
12571d48.548: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
12581d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12591d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12601d48.548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
12611d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
12621d48.548: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
12631d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12641d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12651d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
12661d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
12671d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
12681d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxglobal.dll'...
12691d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxglobal.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxglobal.dll' [rcNtRedir=0xc0150008]
12701d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
12711d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
12721d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
12731d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
12741d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
12751d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
12761d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
12771d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
12781d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
12791d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
12801d48.548: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
12811d48.548: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGlobal.dll) WinVerifyTrust
12821d48.548: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
12831d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
12841d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
12851d48.548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
12861d48.548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
12871d48.548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000159b6c0
12881d48.548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000159b6c0
12891d48.548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=81AC95F8978B2F9C96F901581C10110833992EDD
12901d48.548: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
12911d48.548: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000159b9c0
12921d48.548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000159b9c0
12931d48.548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=81AC95F8978B2F9C96F901581C10110833992EDD
12941d48.548: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
12951d48.548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000159b540
12961d48.548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000159b540
12971d48.548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=A5489E5F56E25D50FD0BE500E7DCF62631FCCAF2AF26DC35BFEDA179EBCF6C66
12981d48.548: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
12991d48.548: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000159ba80
13001d48.548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000159ba80
13011d48.548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=A5489E5F56E25D50FD0BE500E7DCF62631FCCAF2AF26DC35BFEDA179EBCF6C66
13021d48.548: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
13031d48.548: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
13041d48.548: supR3HardenedScreenImage/Imports: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
13051d48.548: Error (rc=0):
13061d48.548: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume4\Windows\System32\opengl32.dll
13071d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13081d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13091d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
13101d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
13111d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
13121d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13131d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13141d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
13151d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13161d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13171d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
13181d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13191d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13201d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
13211d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
13221d48.548: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
13231d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13241d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
13251d48.548: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
13261d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13271d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13281d48.548: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
13291d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
13301d48.548: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
13311d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13321d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13331d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
13341d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13351d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13361d48.548: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
13371d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13381d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13391d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
13401d48.548: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
13411d48.548: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
13421d48.548: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
13431d48.548: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
13441d48.548: Error (rc=0):
13451d48.548: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x10 fAccess=0xd cHits=3 \Device\HarddiskVolume4\Windows\System32\opengl32.dll
13461d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
13471d48.548: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume4\Windows\System32\glu32.dll
13481d48.548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000159b9c0
13491d48.548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000159b9c0
13501d48.548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=467E896CFD6AFD03708D072CEADBD1738A473850
13511d48.548: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
13521d48.548: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000159bd80
13531d48.548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000159bd80
13541d48.548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=467E896CFD6AFD03708D072CEADBD1738A473850
13551d48.548: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
13561d48.548: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000159ba80
13571d48.548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000159ba80
13581d48.548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=995C3DC27F74C52F41635736986339983AEDF2F1E4820B7B4C4412AEECAFD066
13591d48.548: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
13601d48.548: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000159b600
13611d48.548: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000159b600
13621d48.548: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=995C3DC27F74C52F41635736986339983AEDF2F1E4820B7B4C4412AEECAFD066
13631d48.548: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
13641d48.548: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
13651d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll'
13661d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
13671d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
13681d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll'
13691d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
13701d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
13711d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll'
13721d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
13731d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
13741d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll'
13751d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
13761d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
13771d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
13781d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
13791d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
13801d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'
13811d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
13821d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
13831d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
13841d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb2110000 'C:\WINDOWS\system32\rsaenh.dll'
13851d48.548: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb3cb0000 'C:\WINDOWS\System32\crypt32.dll'
13861d48.548: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'
13871d48.548: Fatal error:
13881d48.548: supR3HardenedMainGetTrustedMain: LoadLibrary "C:\Program Files\Oracle\VirtualBox/VirtualBoxVM.dll" failed, rc=1790
13893950.241c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1235 ms, the end);
1390f08.2c2c: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1651 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy