API tools faq
paste
Advertisement
Guest User

Untitled

a guest
May 26th, 2018
240
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 174.86 KB | None | 0 0
raw download clone embed print report
  1. e8.55c: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa042ee00
  2. e8.55c: \SystemRoot\System32\ntdll.dll:
  3. e8.55c: CreationTime: 2018-04-11T23:34:22.383017500Z
  4. e8.55c: LastWriteTime: 2018-04-11T23:34:22.383017500Z
  5. e8.55c: ChangeTime: 2018-05-13T16:46:20.325487600Z
  6. e8.55c: FileAttributes: 0x20
  7. e8.55c: Size: 0x1db2c0
  8. e8.55c: NT Headers: 0xe8
  9. e8.55c: Timestamp: 0x207580e2
  10. e8.55c: Machine: 0x8664 - amd64
  11. e8.55c: Timestamp: 0x207580e2
  12. e8.55c: Image Version: 10.0
  13. e8.55c: SizeOfImage: 0x1e1000 (1970176)
  14. e8.55c: Resource Dir: 0x174000 LB 0x6b338
  15. e8.55c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
  16. e8.55c: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
  17. e8.55c: ProductName: Microsoft® Windows® Operating System
  18. e8.55c: ProductVersion: 10.0.17134.1
  19. e8.55c: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
  20. e8.55c: FileDescription: NT Layer DLL
  21. e8.55c: \SystemRoot\System32\kernel32.dll:
  22. e8.55c: CreationTime: 2018-04-11T23:34:40.510607900Z
  23. e8.55c: LastWriteTime: 2018-04-11T23:34:40.510607900Z
  24. e8.55c: ChangeTime: 2018-05-13T16:46:20.137993600Z
  25. e8.55c: FileAttributes: 0x20
  26. e8.55c: Size: 0xafef8
  27. e8.55c: NT Headers: 0xe8
  28. e8.55c: Timestamp: 0x5f488a51
  29. e8.55c: Machine: 0x8664 - amd64
  30. e8.55c: Timestamp: 0x5f488a51
  31. e8.55c: Image Version: 10.0
  32. e8.55c: SizeOfImage: 0xb2000 (729088)
  33. e8.55c: Resource Dir: 0xb0000 LB 0x520
  34. e8.55c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  35. e8.55c: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
  36. e8.55c: ProductName: Microsoft® Windows® Operating System
  37. e8.55c: ProductVersion: 10.0.17134.1
  38. e8.55c: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
  39. e8.55c: FileDescription: Windows NT BASE API Client DLL
  40. e8.55c: \SystemRoot\System32\KernelBase.dll:
  41. e8.55c: CreationTime: 2018-04-11T23:34:20.976649600Z
  42. e8.55c: LastWriteTime: 2018-04-11T23:34:20.976649600Z
  43. e8.55c: ChangeTime: 2018-05-13T16:46:20.247365300Z
  44. e8.55c: FileAttributes: 0x20
  45. e8.55c: Size: 0x2731d0
  46. e8.55c: NT Headers: 0xf8
  47. e8.55c: Timestamp: 0x701ca188
  48. e8.55c: Machine: 0x8664 - amd64
  49. e8.55c: Timestamp: 0x701ca188
  50. e8.55c: Image Version: 10.0
  51. e8.55c: SizeOfImage: 0x273000 (2568192)
  52. e8.55c: Resource Dir: 0x251000 LB 0x548
  53. e8.55c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  54. e8.55c: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
  55. e8.55c: ProductName: Microsoft® Windows® Operating System
  56. e8.55c: ProductVersion: 10.0.17134.1
  57. e8.55c: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
  58. e8.55c: FileDescription: Windows NT BASE API Client DLL
  59. e8.55c: \SystemRoot\System32\apisetschema.dll:
  60. e8.55c: CreationTime: 2018-04-11T23:34:44.042150700Z
  61. e8.55c: LastWriteTime: 2018-04-11T23:34:44.042150700Z
  62. e8.55c: ChangeTime: 2018-05-13T15:14:35.896078500Z
  63. e8.55c: FileAttributes: 0x20
  64. e8.55c: Size: 0x1bd98
  65. e8.55c: NT Headers: 0xd0
  66. e8.55c: Timestamp: 0xd02ff418
  67. e8.55c: Machine: 0x8664 - amd64
  68. e8.55c: Timestamp: 0xd02ff418
  69. e8.55c: Image Version: 10.0
  70. e8.55c: SizeOfImage: 0x1c000 (114688)
  71. e8.55c: Resource Dir: 0x1b000 LB 0x408
  72. e8.55c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  73. e8.55c: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
  74. e8.55c: ProductName: Microsoft® Windows® Operating System
  75. e8.55c: ProductVersion: 10.0.17134.1
  76. e8.55c: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
  77. e8.55c: FileDescription: ApiSet Schema DLL
  78. e8.55c: supR3HardenedWinFindAdversaries: 0x88
  79. e8.55c: \SystemRoot\System32\drivers\tmcomm.sys:
  80. e8.55c: CreationTime: 2017-11-28T08:18:56.445271200Z
  81. e8.55c: LastWriteTime: 2017-11-28T08:18:56.926588900Z
  82. e8.55c: ChangeTime: 2018-05-17T03:02:04.331561300Z
  83. e8.55c: FileAttributes: 0x20
  84. e8.55c: Size: 0x4aaa8
  85. e8.55c: NT Headers: 0xe8
  86. e8.55c: Timestamp: 0x53c3890f
  87. e8.55c: Machine: 0x8664 - amd64
  88. e8.55c: Timestamp: 0x53c3890f
  89. e8.55c: Image Version: 6.0
  90. e8.55c: SizeOfImage: 0x4e000 (319488)
  91. e8.55c: Resource Dir: 0x4c000 LB 0x760
  92. e8.55c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  93. e8.55c: [Raw version resource data: 0x4c060 LB 0x700, codepage 0x0 (reserved 0x0)]
  94. e8.55c: ProductName: Trend Micro Eyes
  95. e8.55c: ProductVersion: 6.50
  96. e8.55c: FileVersion: 6.50.0.1041
  97. e8.55c: SpecialBuild: 1041
  98. e8.55c: PrivateBuild: Build 1041 - 7/14/2014
  99. e8.55c: FileDescription: TrendMicro Common Module
  100. e8.55c: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
  101. e8.55c: CreationTime: 2018-05-22T09:25:36.787967400Z
  102. e8.55c: LastWriteTime: 2018-05-22T16:17:48.650538100Z
  103. e8.55c: ChangeTime: 2018-05-22T16:17:48.697306000Z
  104. e8.55c: FileAttributes: 0x20
  105. e8.55c: Size: 0x3dfb8
  106. e8.55c: NT Headers: 0x110
  107. e8.55c: Timestamp: 0x59e10ceb
  108. e8.55c: Machine: 0x8664 - amd64
  109. e8.55c: Timestamp: 0x59e10ceb
  110. e8.55c: Image Version: 6.3
  111. e8.55c: SizeOfImage: 0x40000 (262144)
  112. e8.55c: Resource Dir: 0x3e000 LB 0x3b8
  113. e8.55c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  114. e8.55c: [Raw version resource data: 0x3e060 LB 0x358, codepage 0x0 (reserved 0x0)]
  115. e8.55c: ProductName: Malwarebytes SwissArmy
  116. e8.55c: ProductVersion: 4.2.0.140
  117. e8.55c: FileVersion: 4.2.0.140
  118. e8.55c: FileDescription: Malwarebytes SwissArmy
  119. e8.55c: \SystemRoot\System32\drivers\mwac.sys:
  120. e8.55c: CreationTime: 2018-05-22T09:25:37.178577800Z
  121. e8.55c: LastWriteTime: 2018-05-22T16:17:49.442411300Z
  122. e8.55c: ChangeTime: 2018-05-22T16:17:49.611089800Z
  123. e8.55c: FileAttributes: 0x20
  124. e8.55c: Size: 0x16fc0
  125. e8.55c: NT Headers: 0xf8
  126. e8.55c: Timestamp: 0x59b16dfe
  127. e8.55c: Machine: 0x8664 - amd64
  128. e8.55c: Timestamp: 0x59b16dfe
  129. e8.55c: Image Version: 6.3
  130. e8.55c: SizeOfImage: 0x19000 (102400)
  131. e8.55c: Resource Dir: 0x17000 LB 0x3a8
  132. e8.55c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  133. e8.55c: [Raw version resource data: 0x17060 LB 0x348, codepage 0x0 (reserved 0x0)]
  134. e8.55c: ProductName: Malwarebytes Web Protection
  135. e8.55c: ProductVersion: 3.0.0.159
  136. e8.55c: FileVersion: 3.0.0.159
  137. e8.55c: FileDescription: Malwarebytes Web Protection
  138. e8.55c: \SystemRoot\System32\drivers\mbamchameleon.sys:
  139. e8.55c: CreationTime: 2018-05-22T09:25:38.232637000Z
  140. e8.55c: LastWriteTime: 2018-05-22T09:25:38.232637000Z
  141. e8.55c: ChangeTime: 2018-05-22T09:25:38.279510300Z
  142. e8.55c: FileAttributes: 0x20
  143. e8.55c: Size: 0x2f5b0
  144. e8.55c: NT Headers: 0xf8
  145. e8.55c: Timestamp: 0x5a1e34d7
  146. e8.55c: Machine: 0x8664 - amd64
  147. e8.55c: Timestamp: 0x5a1e34d7
  148. e8.55c: Image Version: 6.3
  149. e8.55c: SizeOfImage: 0x32000 (204800)
  150. e8.55c: Resource Dir: 0x30000 LB 0x3b8
  151. e8.55c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  152. e8.55c: [Raw version resource data: 0x30060 LB 0x358, codepage 0x0 (reserved 0x0)]
  153. e8.55c: ProductName: Malwarebytes Chameleon
  154. e8.55c: ProductVersion: 3.0.0.202
  155. e8.55c: FileVersion: 3.0.0.202
  156. e8.55c: FileDescription: Malwarebytes Chameleon
  157. e8.55c: \SystemRoot\System32\drivers\mbam.sys:
  158. e8.55c: CreationTime: 2018-05-22T09:25:44.693209700Z
  159. e8.55c: LastWriteTime: 2018-05-22T16:17:58.736726400Z
  160. e8.55c: ChangeTime: 2018-05-22T16:17:58.754192800Z
  161. e8.55c: FileAttributes: 0x20
  162. e8.55c: Size: 0xb3b8
  163. e8.55c: NT Headers: 0xf0
  164. e8.55c: Timestamp: 0x59df88e1
  165. e8.55c: Machine: 0x8664 - amd64
  166. e8.55c: Timestamp: 0x59df88e1
  167. e8.55c: Image Version: 6.3
  168. e8.55c: SizeOfImage: 0xd000 (53248)
  169. e8.55c: Resource Dir: 0xb000 LB 0x3c0
  170. e8.55c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  171. e8.55c: [Raw version resource data: 0xb060 LB 0x360, codepage 0x0 (reserved 0x0)]
  172. e8.55c: ProductName: Malwarebytes Real-Time Protection
  173. e8.55c: ProductVersion: 3.0.0.116
  174. e8.55c: FileVersion: 3.0.0.116
  175. e8.55c: FileDescription: Malwarebytes Real-Time Protection
  176. e8.55c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
  177. e8.55c: Calling main()
  178. e8.55c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  179. e8.55c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
  180. e8.55c: SUPR3HardenedMain: Respawn #1
  181. e8.55c: System32: \Device\HarddiskVolume1\Windows\System32
  182. e8.55c: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS
  183. e8.55c: KnownDllPath: C:\WINDOWS\System32
  184. e8.55c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  185. e8.55c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  186. e8.55c: supR3HardNtEnableThreadCreation:
  187. e8.55c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffac97730e0 pvNtTerminateThread=00007ffac979a9e0
  188. e8.55c: supR3HardenedWinDoReSpawn(1): New child ddc.1f3c [kernel32].
  189. e8.55c: supR3HardNtChildGatherData: PebBaseAddress=00000000002bd000 cbPeb=0x388
  190. e8.55c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffac9700000 uNtDllChildAddr=00007ffac9700000
  191. e8.55c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffac97730e0
  192. e8.55c: supR3HardenedWinSetupChildInit: Start child.
  193. e8.55c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
  194. e8.55c: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 34 sleeps
  195. e8.55c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  196. e8.55c: *0000000000000000-000000000002ffff 0x0001/0x0000 0x0000000
  197. e8.55c: *0000000000030000-000000000004ffff 0x0004/0x0004 0x0020000
  198. e8.55c: *0000000000050000-0000000000068fff 0x0002/0x0002 0x0040000
  199. e8.55c: 0000000000069000-000000000006ffff 0x0001/0x0000 0x0000000
  200. e8.55c: *0000000000070000-000000000016afff 0x0000/0x0004 0x0020000
  201. e8.55c: 000000000016b000-000000000016dfff 0x0104/0x0004 0x0020000
  202. e8.55c: 000000000016e000-000000000016ffff 0x0004/0x0004 0x0020000
  203. e8.55c: *0000000000170000-0000000000173fff 0x0002/0x0002 0x0040000
  204. e8.55c: 0000000000174000-000000000017ffff 0x0001/0x0000 0x0000000
  205. e8.55c: *0000000000180000-0000000000180fff 0x0004/0x0004 0x0020000
  206. e8.55c: 0000000000181000-00000000001fffff 0x0001/0x0000 0x0000000
  207. e8.55c: *0000000000200000-00000000002bcfff 0x0000/0x0004 0x0020000
  208. e8.55c: 00000000002bd000-00000000002bffff 0x0004/0x0004 0x0020000
  209. e8.55c: 00000000002c0000-00000000003fffff 0x0000/0x0004 0x0020000
  210. e8.55c: 0000000000400000-000000007ffdffff 0x0001/0x0000 0x0000000
  211. e8.55c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
  212. e8.55c: 000000007ffe1000-00007ff5a9c0ffff 0x0001/0x0000 0x0000000
  213. e8.55c: *00007ff5a9c10000-00007ff5a9c32fff 0x0002/0x0002 0x0040000
  214. e8.55c: 00007ff5a9c33000-00007ff7e0a8ffff 0x0001/0x0000 0x0000000
  215. e8.55c: *00007ff7e0a90000-00007ff7e0a90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  216. e8.55c: 00007ff7e0a91000-00007ff7e0b01fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  217. e8.55c: 00007ff7e0b02000-00007ff7e0b02fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  218. e8.55c: 00007ff7e0b03000-00007ff7e0b48fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  219. e8.55c: 00007ff7e0b49000-00007ff7e0b49fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  220. e8.55c: 00007ff7e0b4a000-00007ff7e0b4afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  221. e8.55c: 00007ff7e0b4b000-00007ff7e0b4ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  222. e8.55c: 00007ff7e0b50000-00007ff7e0b50fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  223. e8.55c: 00007ff7e0b51000-00007ff7e0b51fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  224. e8.55c: 00007ff7e0b52000-00007ff7e0b55fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  225. e8.55c: 00007ff7e0b56000-00007ff7e0b9dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  226. e8.55c: 00007ff7e0b9e000-00007ffac96fffff 0x0001/0x0000 0x0000000
  227. e8.55c: *00007ffac9700000-00007ffac9700fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
  228. e8.55c: 00007ffac9701000-00007ffac980ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
  229. e8.55c: 00007ffac9810000-00007ffac9855fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
  230. e8.55c: 00007ffac9856000-00007ffac9860fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
  231. e8.55c: 00007ffac9861000-00007ffac986efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
  232. e8.55c: 00007ffac986f000-00007ffac986ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
  233. e8.55c: 00007ffac9870000-00007ffac9872fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
  234. e8.55c: 00007ffac9873000-00007ffac98e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
  235. e8.55c: 00007ffac98e1000-00007ffffffeffff 0x0001/0x0000 0x0000000
  236. e8.55c: VirtualBox.exe: timestamp 0x5a5cc1cb (rc=VINF_SUCCESS)
  237. e8.55c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  238. e8.55c: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
  239. e8.55c: supR3HardNtChildPurify: Done after 550 ms and 0 fixes (loop #0).
  240. ddc.1f3c: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa042ee00
  241. ddc.1f3c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffac9700000 g_uNtVerCombined=0xa042ee00
  242. ddc.1f3c: ntdll.dll: timestamp 0x207580e2 (rc=VINF_SUCCESS)
  243. ddc.1f3c: New simple heap: #1 0000000000500000 LB 0x400000 (for 1970176 allocation)
  244. e8.55c: supR3HardNtEnableThreadCreation:
  245. ddc.1f3c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
  246. ddc.1f3c: System32: \Device\HarddiskVolume1\Windows\System32
  247. ddc.1f3c: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS
  248. ddc.1f3c: KnownDllPath: C:\WINDOWS\System32
  249. ddc.1f3c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
  250. ddc.1f3c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  251. ddc.1f3c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  252. ddc.1f3c: Registered Dll notification callback with NTDLL.
  253. ddc.1f3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
  254. ddc.1f3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
  255. ddc.1f3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
  256. ddc.1f3c: supR3HardenedDllNotificationCallback: load 00007ffac6460000 LB 0x00273000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
  257. ddc.1f3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
  258. ddc.1f3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
  259. ddc.1f3c: supR3HardenedDllNotificationCallback: load 00007ffac93a0000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
  260. ddc.1f3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  261. ddc.1f3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac93a0000 'C:\WINDOWS\System32\KERNEL32.DLL'
  262. ddc.1f3c: supR3HardenedDllNotificationCallback: load 00007ff7e0a90000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
  263. ddc.1f3c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  264. ddc.1f3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  265. ddc.1f3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  266. ddc.1f3c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffac97730e0 pvNtTerminateThread=00007ffac979a9e0
  267. e8.55c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 80 ms.
  268. ddc.1f3c: \SystemRoot\System32\ntdll.dll:
  269. ddc.1f3c: CreationTime: 2018-04-11T23:34:22.383017500Z
  270. ddc.1f3c: LastWriteTime: 2018-04-11T23:34:22.383017500Z
  271. ddc.1f3c: ChangeTime: 2018-05-13T16:46:20.325487600Z
  272. ddc.1f3c: FileAttributes: 0x20
  273. ddc.1f3c: Size: 0x1db2c0
  274. ddc.1f3c: NT Headers: 0xe8
  275. ddc.1f3c: Timestamp: 0x207580e2
  276. ddc.1f3c: Machine: 0x8664 - amd64
  277. ddc.1f3c: Timestamp: 0x207580e2
  278. ddc.1f3c: Image Version: 10.0
  279. ddc.1f3c: SizeOfImage: 0x1e1000 (1970176)
  280. ddc.1f3c: Resource Dir: 0x174000 LB 0x6b338
  281. ddc.1f3c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
  282. ddc.1f3c: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
  283. ddc.1f3c: ProductName: Microsoft® Windows® Operating System
  284. ddc.1f3c: ProductVersion: 10.0.17134.1
  285. ddc.1f3c: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
  286. ddc.1f3c: FileDescription: NT Layer DLL
  287. ddc.1f3c: \SystemRoot\System32\kernel32.dll:
  288. ddc.1f3c: CreationTime: 2018-04-11T23:34:40.510607900Z
  289. ddc.1f3c: LastWriteTime: 2018-04-11T23:34:40.510607900Z
  290. ddc.1f3c: ChangeTime: 2018-05-13T16:46:20.137993600Z
  291. ddc.1f3c: FileAttributes: 0x20
  292. ddc.1f3c: Size: 0xafef8
  293. ddc.1f3c: NT Headers: 0xe8
  294. ddc.1f3c: Timestamp: 0x5f488a51
  295. ddc.1f3c: Machine: 0x8664 - amd64
  296. ddc.1f3c: Timestamp: 0x5f488a51
  297. ddc.1f3c: Image Version: 10.0
  298. ddc.1f3c: SizeOfImage: 0xb2000 (729088)
  299. ddc.1f3c: Resource Dir: 0xb0000 LB 0x520
  300. ddc.1f3c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  301. ddc.1f3c: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
  302. ddc.1f3c: ProductName: Microsoft® Windows® Operating System
  303. ddc.1f3c: ProductVersion: 10.0.17134.1
  304. ddc.1f3c: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
  305. ddc.1f3c: FileDescription: Windows NT BASE API Client DLL
  306. ddc.1f3c: \SystemRoot\System32\KernelBase.dll:
  307. ddc.1f3c: CreationTime: 2018-04-11T23:34:20.976649600Z
  308. ddc.1f3c: LastWriteTime: 2018-04-11T23:34:20.976649600Z
  309. ddc.1f3c: ChangeTime: 2018-05-13T16:46:20.247365300Z
  310. ddc.1f3c: FileAttributes: 0x20
  311. ddc.1f3c: Size: 0x2731d0
  312. ddc.1f3c: NT Headers: 0xf8
  313. ddc.1f3c: Timestamp: 0x701ca188
  314. ddc.1f3c: Machine: 0x8664 - amd64
  315. ddc.1f3c: Timestamp: 0x701ca188
  316. ddc.1f3c: Image Version: 10.0
  317. ddc.1f3c: SizeOfImage: 0x273000 (2568192)
  318. ddc.1f3c: Resource Dir: 0x251000 LB 0x548
  319. ddc.1f3c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  320. ddc.1f3c: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
  321. ddc.1f3c: ProductName: Microsoft® Windows® Operating System
  322. ddc.1f3c: ProductVersion: 10.0.17134.1
  323. ddc.1f3c: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
  324. ddc.1f3c: FileDescription: Windows NT BASE API Client DLL
  325. ddc.1f3c: \SystemRoot\System32\apisetschema.dll:
  326. ddc.1f3c: CreationTime: 2018-04-11T23:34:44.042150700Z
  327. ddc.1f3c: LastWriteTime: 2018-04-11T23:34:44.042150700Z
  328. ddc.1f3c: ChangeTime: 2018-05-13T15:14:35.896078500Z
  329. ddc.1f3c: FileAttributes: 0x20
  330. ddc.1f3c: Size: 0x1bd98
  331. ddc.1f3c: NT Headers: 0xd0
  332. ddc.1f3c: Timestamp: 0xd02ff418
  333. ddc.1f3c: Machine: 0x8664 - amd64
  334. ddc.1f3c: Timestamp: 0xd02ff418
  335. ddc.1f3c: Image Version: 10.0
  336. ddc.1f3c: SizeOfImage: 0x1c000 (114688)
  337. ddc.1f3c: Resource Dir: 0x1b000 LB 0x408
  338. ddc.1f3c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  339. ddc.1f3c: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
  340. ddc.1f3c: ProductName: Microsoft® Windows® Operating System
  341. ddc.1f3c: ProductVersion: 10.0.17134.1
  342. ddc.1f3c: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
  343. ddc.1f3c: FileDescription: ApiSet Schema DLL
  344. ddc.1f3c: supR3HardenedWinFindAdversaries: 0x88
  345. ddc.1f3c: \SystemRoot\System32\drivers\tmcomm.sys:
  346. ddc.1f3c: CreationTime: 2017-11-28T08:18:56.445271200Z
  347. ddc.1f3c: LastWriteTime: 2017-11-28T08:18:56.926588900Z
  348. ddc.1f3c: ChangeTime: 2018-05-17T03:02:04.331561300Z
  349. ddc.1f3c: FileAttributes: 0x20
  350. ddc.1f3c: Size: 0x4aaa8
  351. ddc.1f3c: NT Headers: 0xe8
  352. ddc.1f3c: Timestamp: 0x53c3890f
  353. ddc.1f3c: Machine: 0x8664 - amd64
  354. ddc.1f3c: Timestamp: 0x53c3890f
  355. ddc.1f3c: Image Version: 6.0
  356. ddc.1f3c: SizeOfImage: 0x4e000 (319488)
  357. ddc.1f3c: Resource Dir: 0x4c000 LB 0x760
  358. ddc.1f3c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  359. ddc.1f3c: [Raw version resource data: 0x4c060 LB 0x700, codepage 0x0 (reserved 0x0)]
  360. ddc.1f3c: ProductName: Trend Micro Eyes
  361. ddc.1f3c: ProductVersion: 6.50
  362. ddc.1f3c: FileVersion: 6.50.0.1041
  363. ddc.1f3c: SpecialBuild: 1041
  364. ddc.1f3c: PrivateBuild: Build 1041 - 7/14/2014
  365. ddc.1f3c: FileDescription: TrendMicro Common Module
  366. ddc.1f3c: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
  367. ddc.1f3c: CreationTime: 2018-05-22T09:25:36.787967400Z
  368. ddc.1f3c: LastWriteTime: 2018-05-22T16:17:48.650538100Z
  369. ddc.1f3c: ChangeTime: 2018-05-22T16:17:48.697306000Z
  370. ddc.1f3c: FileAttributes: 0x20
  371. ddc.1f3c: Size: 0x3dfb8
  372. ddc.1f3c: NT Headers: 0x110
  373. ddc.1f3c: Timestamp: 0x59e10ceb
  374. ddc.1f3c: Machine: 0x8664 - amd64
  375. ddc.1f3c: Timestamp: 0x59e10ceb
  376. ddc.1f3c: Image Version: 6.3
  377. ddc.1f3c: SizeOfImage: 0x40000 (262144)
  378. ddc.1f3c: Resource Dir: 0x3e000 LB 0x3b8
  379. ddc.1f3c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  380. ddc.1f3c: [Raw version resource data: 0x3e060 LB 0x358, codepage 0x0 (reserved 0x0)]
  381. ddc.1f3c: ProductName: Malwarebytes SwissArmy
  382. ddc.1f3c: ProductVersion: 4.2.0.140
  383. ddc.1f3c: FileVersion: 4.2.0.140
  384. ddc.1f3c: FileDescription: Malwarebytes SwissArmy
  385. ddc.1f3c: \SystemRoot\System32\drivers\mwac.sys:
  386. ddc.1f3c: CreationTime: 2018-05-22T09:25:37.178577800Z
  387. ddc.1f3c: LastWriteTime: 2018-05-22T16:17:49.442411300Z
  388. ddc.1f3c: ChangeTime: 2018-05-22T16:17:49.611089800Z
  389. ddc.1f3c: FileAttributes: 0x20
  390. ddc.1f3c: Size: 0x16fc0
  391. ddc.1f3c: NT Headers: 0xf8
  392. ddc.1f3c: Timestamp: 0x59b16dfe
  393. ddc.1f3c: Machine: 0x8664 - amd64
  394. ddc.1f3c: Timestamp: 0x59b16dfe
  395. ddc.1f3c: Image Version: 6.3
  396. ddc.1f3c: SizeOfImage: 0x19000 (102400)
  397. ddc.1f3c: Resource Dir: 0x17000 LB 0x3a8
  398. ddc.1f3c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  399. ddc.1f3c: [Raw version resource data: 0x17060 LB 0x348, codepage 0x0 (reserved 0x0)]
  400. ddc.1f3c: ProductName: Malwarebytes Web Protection
  401. ddc.1f3c: ProductVersion: 3.0.0.159
  402. ddc.1f3c: FileVersion: 3.0.0.159
  403. ddc.1f3c: FileDescription: Malwarebytes Web Protection
  404. ddc.1f3c: \SystemRoot\System32\drivers\mbamchameleon.sys:
  405. ddc.1f3c: CreationTime: 2018-05-22T09:25:38.232637000Z
  406. ddc.1f3c: LastWriteTime: 2018-05-22T09:25:38.232637000Z
  407. ddc.1f3c: ChangeTime: 2018-05-22T09:25:38.279510300Z
  408. ddc.1f3c: FileAttributes: 0x20
  409. ddc.1f3c: Size: 0x2f5b0
  410. ddc.1f3c: NT Headers: 0xf8
  411. ddc.1f3c: Timestamp: 0x5a1e34d7
  412. ddc.1f3c: Machine: 0x8664 - amd64
  413. ddc.1f3c: Timestamp: 0x5a1e34d7
  414. ddc.1f3c: Image Version: 6.3
  415. ddc.1f3c: SizeOfImage: 0x32000 (204800)
  416. ddc.1f3c: Resource Dir: 0x30000 LB 0x3b8
  417. ddc.1f3c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  418. ddc.1f3c: [Raw version resource data: 0x30060 LB 0x358, codepage 0x0 (reserved 0x0)]
  419. ddc.1f3c: ProductName: Malwarebytes Chameleon
  420. ddc.1f3c: ProductVersion: 3.0.0.202
  421. ddc.1f3c: FileVersion: 3.0.0.202
  422. ddc.1f3c: FileDescription: Malwarebytes Chameleon
  423. ddc.1f3c: \SystemRoot\System32\drivers\mbam.sys:
  424. ddc.1f3c: CreationTime: 2018-05-22T09:25:44.693209700Z
  425. ddc.1f3c: LastWriteTime: 2018-05-22T16:17:58.736726400Z
  426. ddc.1f3c: ChangeTime: 2018-05-22T16:17:58.754192800Z
  427. ddc.1f3c: FileAttributes: 0x20
  428. ddc.1f3c: Size: 0xb3b8
  429. ddc.1f3c: NT Headers: 0xf0
  430. ddc.1f3c: Timestamp: 0x59df88e1
  431. ddc.1f3c: Machine: 0x8664 - amd64
  432. ddc.1f3c: Timestamp: 0x59df88e1
  433. ddc.1f3c: Image Version: 6.3
  434. ddc.1f3c: SizeOfImage: 0xd000 (53248)
  435. ddc.1f3c: Resource Dir: 0xb000 LB 0x3c0
  436. ddc.1f3c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  437. ddc.1f3c: [Raw version resource data: 0xb060 LB 0x360, codepage 0x0 (reserved 0x0)]
  438. ddc.1f3c: ProductName: Malwarebytes Real-Time Protection
  439. ddc.1f3c: ProductVersion: 3.0.0.116
  440. ddc.1f3c: FileVersion: 3.0.0.116
  441. ddc.1f3c: FileDescription: Malwarebytes Real-Time Protection
  442. ddc.1f3c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
  443. ddc.1f3c: Calling main()
  444. ddc.1f3c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  445. ddc.1f3c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
  446. ddc.1f3c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  447. ddc.1f3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  448. ddc.1f3c: SUPR3HardenedMain: Respawn #2
  449. ddc.1f3c: supR3HardNtEnableThreadCreation:
  450. ddc.1f3c: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
  451. ddc.1f3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ntdll.dll)
  452. ddc.1f3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ntdll.dll
  453. ddc.1f3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  454. ddc.1f3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9700000 'C:\WINDOWS\System32\ntdll.dll'
  455. ddc.1f3c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffac97730e0 pvNtTerminateThread=00007ffac979a9e0
  456. ddc.1f3c: supR3HardenedWinDoReSpawn(2): New child 568.15fc [kernel32].
  457. ddc.1f3c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
  458. ddc.1f3c: supR3HardNtChildGatherData: PebBaseAddress=0000000000acc000 cbPeb=0x388
  459. ddc.1f3c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffac9700000 uNtDllChildAddr=00007ffac9700000
  460. ddc.1f3c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffac97730e0
  461. ddc.1f3c: supR3HardenedWinSetupChildInit: Start child.
  462. ddc.1f3c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
  463. ddc.1f3c: supR3HardNtChildPurify: Startup delay kludge #1/0: 530 ms, 34 sleeps
  464. ddc.1f3c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  465. ddc.1f3c: *0000000000000000-000000000081ffff 0x0001/0x0000 0x0000000
  466. ddc.1f3c: *0000000000820000-000000000083ffff 0x0004/0x0004 0x0020000
  467. ddc.1f3c: *0000000000840000-0000000000858fff 0x0002/0x0002 0x0040000
  468. ddc.1f3c: 0000000000859000-000000000085ffff 0x0001/0x0000 0x0000000
  469. ddc.1f3c: *0000000000860000-000000000095afff 0x0000/0x0004 0x0020000
  470. ddc.1f3c: 000000000095b000-000000000095dfff 0x0104/0x0004 0x0020000
  471. ddc.1f3c: 000000000095e000-000000000095ffff 0x0004/0x0004 0x0020000
  472. ddc.1f3c: *0000000000960000-0000000000963fff 0x0002/0x0002 0x0040000
  473. ddc.1f3c: 0000000000964000-000000000096ffff 0x0001/0x0000 0x0000000
  474. ddc.1f3c: *0000000000970000-0000000000970fff 0x0004/0x0004 0x0020000
  475. ddc.1f3c: 0000000000971000-00000000009fffff 0x0001/0x0000 0x0000000
  476. ddc.1f3c: *0000000000a00000-0000000000acbfff 0x0000/0x0004 0x0020000
  477. ddc.1f3c: 0000000000acc000-0000000000acefff 0x0004/0x0004 0x0020000
  478. ddc.1f3c: 0000000000acf000-0000000000bfffff 0x0000/0x0004 0x0020000
  479. ddc.1f3c: 0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000
  480. ddc.1f3c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
  481. ddc.1f3c: 000000007ffe1000-00007ff59a99ffff 0x0001/0x0000 0x0000000
  482. ddc.1f3c: *00007ff59a9a0000-00007ff59a9c2fff 0x0002/0x0002 0x0040000
  483. ddc.1f3c: 00007ff59a9c3000-00007ff7e0a8ffff 0x0001/0x0000 0x0000000
  484. ddc.1f3c: *00007ff7e0a90000-00007ff7e0a90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  485. ddc.1f3c: 00007ff7e0a91000-00007ff7e0b01fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  486. ddc.1f3c: 00007ff7e0b02000-00007ff7e0b02fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  487. ddc.1f3c: 00007ff7e0b03000-00007ff7e0b48fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  488. ddc.1f3c: 00007ff7e0b49000-00007ff7e0b49fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  489. ddc.1f3c: 00007ff7e0b4a000-00007ff7e0b4afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  490. ddc.1f3c: 00007ff7e0b4b000-00007ff7e0b4ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  491. ddc.1f3c: 00007ff7e0b50000-00007ff7e0b50fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  492. ddc.1f3c: 00007ff7e0b51000-00007ff7e0b51fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  493. ddc.1f3c: 00007ff7e0b52000-00007ff7e0b55fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  494. ddc.1f3c: 00007ff7e0b56000-00007ff7e0b9dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  495. ddc.1f3c: 00007ff7e0b9e000-00007ffac96fffff 0x0001/0x0000 0x0000000
  496. ddc.1f3c: *00007ffac9700000-00007ffac9700fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
  497. ddc.1f3c: 00007ffac9701000-00007ffac980ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
  498. ddc.1f3c: 00007ffac9810000-00007ffac9855fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
  499. ddc.1f3c: 00007ffac9856000-00007ffac9860fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
  500. ddc.1f3c: 00007ffac9861000-00007ffac986efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
  501. ddc.1f3c: 00007ffac986f000-00007ffac986ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
  502. ddc.1f3c: 00007ffac9870000-00007ffac9872fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
  503. ddc.1f3c: 00007ffac9873000-00007ffac98e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
  504. ddc.1f3c: 00007ffac98e1000-00007ffffffeffff 0x0001/0x0000 0x0000000
  505. ddc.1f3c: VirtualBox.exe: timestamp 0x5a5cc1cb (rc=VINF_SUCCESS)
  506. ddc.1f3c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  507. ddc.1f3c: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
  508. ddc.1f3c: supR3HardNtChildPurify: Done after 570 ms and 0 fixes (loop #0).
  509. 568.15fc: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa042ee00
  510. 568.15fc: supR3HardenedVmProcessInit: uNtDllAddr=00007ffac9700000 g_uNtVerCombined=0xa042ee00
  511. 568.15fc: ntdll.dll: timestamp 0x207580e2 (rc=VINF_SUCCESS)
  512. 568.15fc: New simple heap: #1 0000000000d00000 LB 0x400000 (for 1970176 allocation)
  513. ddc.1f3c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000500000 LB 0x400000)
  514. ddc.1f3c: supR3HardNtEnableThreadCreation:
  515. 568.15fc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
  516. 568.15fc: System32: \Device\HarddiskVolume1\Windows\System32
  517. 568.15fc: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS
  518. 568.15fc: KnownDllPath: C:\WINDOWS\System32
  519. 568.15fc: supR3HardenedVmProcessInit: Opening vboxdrv...
  520. 568.15fc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  521. 568.15fc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  522. 568.15fc: Registered Dll notification callback with NTDLL.
  523. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
  524. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
  525. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
  526. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffac6460000 LB 0x00273000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
  527. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
  528. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
  529. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffac93a0000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
  530. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  531. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac93a0000 'C:\WINDOWS\System32\KERNEL32.DLL'
  532. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ff7e0a90000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
  533. 568.15fc: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  534. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  535. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
  536. 568.15fc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffac97730e0 pvNtTerminateThread=00007ffac979a9e0
  537. ddc.1f3c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 91 ms.
  538. 568.15fc: \SystemRoot\System32\ntdll.dll:
  539. 568.15fc: CreationTime: 2018-04-11T23:34:22.383017500Z
  540. 568.15fc: LastWriteTime: 2018-04-11T23:34:22.383017500Z
  541. 568.15fc: ChangeTime: 2018-05-13T16:46:20.325487600Z
  542. 568.15fc: FileAttributes: 0x20
  543. 568.15fc: Size: 0x1db2c0
  544. 568.15fc: NT Headers: 0xe8
  545. 568.15fc: Timestamp: 0x207580e2
  546. 568.15fc: Machine: 0x8664 - amd64
  547. 568.15fc: Timestamp: 0x207580e2
  548. 568.15fc: Image Version: 10.0
  549. 568.15fc: SizeOfImage: 0x1e1000 (1970176)
  550. 568.15fc: Resource Dir: 0x174000 LB 0x6b338
  551. 568.15fc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
  552. 568.15fc: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
  553. 568.15fc: ProductName: Microsoft® Windows® Operating System
  554. 568.15fc: ProductVersion: 10.0.17134.1
  555. 568.15fc: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
  556. 568.15fc: FileDescription: NT Layer DLL
  557. 568.15fc: \SystemRoot\System32\kernel32.dll:
  558. 568.15fc: CreationTime: 2018-04-11T23:34:40.510607900Z
  559. 568.15fc: LastWriteTime: 2018-04-11T23:34:40.510607900Z
  560. 568.15fc: ChangeTime: 2018-05-13T16:46:20.137993600Z
  561. 568.15fc: FileAttributes: 0x20
  562. 568.15fc: Size: 0xafef8
  563. 568.15fc: NT Headers: 0xe8
  564. 568.15fc: Timestamp: 0x5f488a51
  565. 568.15fc: Machine: 0x8664 - amd64
  566. 568.15fc: Timestamp: 0x5f488a51
  567. 568.15fc: Image Version: 10.0
  568. 568.15fc: SizeOfImage: 0xb2000 (729088)
  569. 568.15fc: Resource Dir: 0xb0000 LB 0x520
  570. 568.15fc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  571. 568.15fc: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
  572. 568.15fc: ProductName: Microsoft® Windows® Operating System
  573. 568.15fc: ProductVersion: 10.0.17134.1
  574. 568.15fc: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
  575. 568.15fc: FileDescription: Windows NT BASE API Client DLL
  576. 568.15fc: \SystemRoot\System32\KernelBase.dll:
  577. 568.15fc: CreationTime: 2018-04-11T23:34:20.976649600Z
  578. 568.15fc: LastWriteTime: 2018-04-11T23:34:20.976649600Z
  579. 568.15fc: ChangeTime: 2018-05-13T16:46:20.247365300Z
  580. 568.15fc: FileAttributes: 0x20
  581. 568.15fc: Size: 0x2731d0
  582. 568.15fc: NT Headers: 0xf8
  583. 568.15fc: Timestamp: 0x701ca188
  584. 568.15fc: Machine: 0x8664 - amd64
  585. 568.15fc: Timestamp: 0x701ca188
  586. 568.15fc: Image Version: 10.0
  587. 568.15fc: SizeOfImage: 0x273000 (2568192)
  588. 568.15fc: Resource Dir: 0x251000 LB 0x548
  589. 568.15fc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  590. 568.15fc: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
  591. 568.15fc: ProductName: Microsoft® Windows® Operating System
  592. 568.15fc: ProductVersion: 10.0.17134.1
  593. 568.15fc: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
  594. 568.15fc: FileDescription: Windows NT BASE API Client DLL
  595. 568.15fc: \SystemRoot\System32\apisetschema.dll:
  596. 568.15fc: CreationTime: 2018-04-11T23:34:44.042150700Z
  597. 568.15fc: LastWriteTime: 2018-04-11T23:34:44.042150700Z
  598. 568.15fc: ChangeTime: 2018-05-13T15:14:35.896078500Z
  599. 568.15fc: FileAttributes: 0x20
  600. 568.15fc: Size: 0x1bd98
  601. 568.15fc: NT Headers: 0xd0
  602. 568.15fc: Timestamp: 0xd02ff418
  603. 568.15fc: Machine: 0x8664 - amd64
  604. 568.15fc: Timestamp: 0xd02ff418
  605. 568.15fc: Image Version: 10.0
  606. 568.15fc: SizeOfImage: 0x1c000 (114688)
  607. 568.15fc: Resource Dir: 0x1b000 LB 0x408
  608. 568.15fc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  609. 568.15fc: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
  610. 568.15fc: ProductName: Microsoft® Windows® Operating System
  611. 568.15fc: ProductVersion: 10.0.17134.1
  612. 568.15fc: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
  613. 568.15fc: FileDescription: ApiSet Schema DLL
  614. 568.15fc: supR3HardenedWinFindAdversaries: 0x88
  615. 568.15fc: \SystemRoot\System32\drivers\tmcomm.sys:
  616. 568.15fc: CreationTime: 2017-11-28T08:18:56.445271200Z
  617. 568.15fc: LastWriteTime: 2017-11-28T08:18:56.926588900Z
  618. 568.15fc: ChangeTime: 2018-05-17T03:02:04.331561300Z
  619. 568.15fc: FileAttributes: 0x20
  620. 568.15fc: Size: 0x4aaa8
  621. 568.15fc: NT Headers: 0xe8
  622. 568.15fc: Timestamp: 0x53c3890f
  623. 568.15fc: Machine: 0x8664 - amd64
  624. 568.15fc: Timestamp: 0x53c3890f
  625. 568.15fc: Image Version: 6.0
  626. 568.15fc: SizeOfImage: 0x4e000 (319488)
  627. 568.15fc: Resource Dir: 0x4c000 LB 0x760
  628. 568.15fc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  629. 568.15fc: [Raw version resource data: 0x4c060 LB 0x700, codepage 0x0 (reserved 0x0)]
  630. 568.15fc: ProductName: Trend Micro Eyes
  631. 568.15fc: ProductVersion: 6.50
  632. 568.15fc: FileVersion: 6.50.0.1041
  633. 568.15fc: SpecialBuild: 1041
  634. 568.15fc: PrivateBuild: Build 1041 - 7/14/2014
  635. 568.15fc: FileDescription: TrendMicro Common Module
  636. 568.15fc: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
  637. 568.15fc: CreationTime: 2018-05-22T09:25:36.787967400Z
  638. 568.15fc: LastWriteTime: 2018-05-22T16:17:48.650538100Z
  639. 568.15fc: ChangeTime: 2018-05-22T16:17:48.697306000Z
  640. 568.15fc: FileAttributes: 0x20
  641. 568.15fc: Size: 0x3dfb8
  642. 568.15fc: NT Headers: 0x110
  643. 568.15fc: Timestamp: 0x59e10ceb
  644. 568.15fc: Machine: 0x8664 - amd64
  645. 568.15fc: Timestamp: 0x59e10ceb
  646. 568.15fc: Image Version: 6.3
  647. 568.15fc: SizeOfImage: 0x40000 (262144)
  648. 568.15fc: Resource Dir: 0x3e000 LB 0x3b8
  649. 568.15fc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  650. 568.15fc: [Raw version resource data: 0x3e060 LB 0x358, codepage 0x0 (reserved 0x0)]
  651. 568.15fc: ProductName: Malwarebytes SwissArmy
  652. 568.15fc: ProductVersion: 4.2.0.140
  653. 568.15fc: FileVersion: 4.2.0.140
  654. 568.15fc: FileDescription: Malwarebytes SwissArmy
  655. 568.15fc: \SystemRoot\System32\drivers\mwac.sys:
  656. 568.15fc: CreationTime: 2018-05-22T09:25:37.178577800Z
  657. 568.15fc: LastWriteTime: 2018-05-22T16:17:49.442411300Z
  658. 568.15fc: ChangeTime: 2018-05-22T16:17:49.611089800Z
  659. 568.15fc: FileAttributes: 0x20
  660. 568.15fc: Size: 0x16fc0
  661. 568.15fc: NT Headers: 0xf8
  662. 568.15fc: Timestamp: 0x59b16dfe
  663. 568.15fc: Machine: 0x8664 - amd64
  664. 568.15fc: Timestamp: 0x59b16dfe
  665. 568.15fc: Image Version: 6.3
  666. 568.15fc: SizeOfImage: 0x19000 (102400)
  667. 568.15fc: Resource Dir: 0x17000 LB 0x3a8
  668. 568.15fc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  669. 568.15fc: [Raw version resource data: 0x17060 LB 0x348, codepage 0x0 (reserved 0x0)]
  670. 568.15fc: ProductName: Malwarebytes Web Protection
  671. 568.15fc: ProductVersion: 3.0.0.159
  672. 568.15fc: FileVersion: 3.0.0.159
  673. 568.15fc: FileDescription: Malwarebytes Web Protection
  674. 568.15fc: \SystemRoot\System32\drivers\mbamchameleon.sys:
  675. 568.15fc: CreationTime: 2018-05-22T09:25:38.232637000Z
  676. 568.15fc: LastWriteTime: 2018-05-22T09:25:38.232637000Z
  677. 568.15fc: ChangeTime: 2018-05-22T09:25:38.279510300Z
  678. 568.15fc: FileAttributes: 0x20
  679. 568.15fc: Size: 0x2f5b0
  680. 568.15fc: NT Headers: 0xf8
  681. 568.15fc: Timestamp: 0x5a1e34d7
  682. 568.15fc: Machine: 0x8664 - amd64
  683. 568.15fc: Timestamp: 0x5a1e34d7
  684. 568.15fc: Image Version: 6.3
  685. 568.15fc: SizeOfImage: 0x32000 (204800)
  686. 568.15fc: Resource Dir: 0x30000 LB 0x3b8
  687. 568.15fc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  688. 568.15fc: [Raw version resource data: 0x30060 LB 0x358, codepage 0x0 (reserved 0x0)]
  689. 568.15fc: ProductName: Malwarebytes Chameleon
  690. 568.15fc: ProductVersion: 3.0.0.202
  691. 568.15fc: FileVersion: 3.0.0.202
  692. 568.15fc: FileDescription: Malwarebytes Chameleon
  693. 568.15fc: \SystemRoot\System32\drivers\mbam.sys:
  694. 568.15fc: CreationTime: 2018-05-22T09:25:44.693209700Z
  695. 568.15fc: LastWriteTime: 2018-05-22T16:17:58.736726400Z
  696. 568.15fc: ChangeTime: 2018-05-22T16:17:58.754192800Z
  697. 568.15fc: FileAttributes: 0x20
  698. 568.15fc: Size: 0xb3b8
  699. 568.15fc: NT Headers: 0xf0
  700. 568.15fc: Timestamp: 0x59df88e1
  701. 568.15fc: Machine: 0x8664 - amd64
  702. 568.15fc: Timestamp: 0x59df88e1
  703. 568.15fc: Image Version: 6.3
  704. 568.15fc: SizeOfImage: 0xd000 (53248)
  705. 568.15fc: Resource Dir: 0xb000 LB 0x3c0
  706. 568.15fc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  707. 568.15fc: [Raw version resource data: 0xb060 LB 0x360, codepage 0x0 (reserved 0x0)]
  708. 568.15fc: ProductName: Malwarebytes Real-Time Protection
  709. 568.15fc: ProductVersion: 3.0.0.116
  710. 568.15fc: FileVersion: 3.0.0.116
  711. 568.15fc: FileDescription: Malwarebytes Real-Time Protection
  712. 568.15fc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
  713. 568.15fc: Calling main()
  714. 568.15fc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  715. 568.15fc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
  716. 568.15fc: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  717. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  718. 568.15fc: SUPR3HardenedMain: Final process, opening VBoxDrv...
  719. 568.15fc: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000d00000 LB 0x400000)
  720. 568.15fc: supR3HardNtEnableThreadCreation:
  721. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
  722. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
  723. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  724. 568.15fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  725. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffaa2660000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
  726. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  727. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  728. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  729. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa2660000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  730. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  731. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  732. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa2660000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  733. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa2660000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  734. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  735. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
  736. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
  737. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
  738. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll)
  739. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll
  740. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  741. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  742. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
  743. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
  744. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
  745. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
  746. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'.
  747. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll)
  748. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll
  749. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
  750. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
  751. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll)
  752. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll
  753. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  754. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  755. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
  756. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
  757. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
  758. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
  759. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  760. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  761. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffac9090000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
  762. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  763. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffac5a90000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
  764. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  765. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffac5bd0000 LB 0x000fa000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
  766. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ucrtbase.dll)
  767. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ucrtbase.dll
  768. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffac69a0000 LB 0x001e2000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
  769. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  770. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffac9130000 LB 0x00124000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
  771. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  772. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffac85c0000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
  773. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
  774. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\sechost.dll)
  775. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll
  776. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffac8d60000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
  777. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  778. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
  779. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
  780. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll)
  781. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll
  782. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffac6700000 LB 0x00057000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
  783. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  784. 568.15fc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
  785. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  786. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac6460000 'api-ms-win-core-synch-l1-2-0'
  787. 568.15fc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
  788. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  789. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac6460000 'api-ms-win-core-fibers-l1-1-1'
  790. 568.15fc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
  791. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  792. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac6460000 'api-ms-win-core-fibers-l1-1-1'
  793. 568.15fc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
  794. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  795. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac6460000 'api-ms-win-core-synch-l1-2-0'
  796. 568.15fc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
  797. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  798. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac6460000 'api-ms-win-core-localization-l1-2-1'
  799. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac6700000 'C:\WINDOWS\system32\Wintrust.dll'
  800. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcrypt.dll)
  801. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcrypt.dll
  802. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  803. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  804. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  805. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
  806. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume1\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
  807. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust]
  808. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  809. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  810. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  811. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  812. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  813. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  814. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  815. 568.15fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  816. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffac5570000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
  817. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  818. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac5570000 'C:\WINDOWS\system32\bcrypt.dll'
  819. 568.15fc: bcrypt.dll loaded at 00007ffac5570000, BCryptOpenAlgorithmProvider at 00007ffac5572770, preloading providers:
  820. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll)
  821. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
  822. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  823. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffac63e0000 LB 0x0007a000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
  824. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
  825. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac63e0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
  826. 568.15fc: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000011d5c00)
  827. 568.15fc: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000011e0550)
  828. 568.15fc: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000011e0820)
  829. 568.15fc: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000011e0af0)
  830. 568.15fc: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000011e0dc0)
  831. 568.15fc: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000011e1090)
  832. 568.15fc: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000011e1360)
  833. 568.15fc: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000011e1630)
  834. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  835. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  836. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac6700000 'C:\Windows\System32\WINTRUST.DLL'
  837. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  838. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  839. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac6700000 'C:\Windows\System32\WINTRUST.DLL'
  840. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  841. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  842. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac6700000 'C:\Windows\System32\WINTRUST.DLL'
  843. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  844. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  845. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac6700000 'C:\Windows\System32\WINTRUST.DLL'
  846. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  847. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  848. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac6700000 'C:\Windows\System32\WINTRUST.DLL'
  849. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  850. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  851. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac6700000 'C:\Windows\System32\WINTRUST.DLL'
  852. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  853. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  854. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac6700000 'C:\Windows\System32\WINTRUST.DLL'
  855. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll)
  856. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
  857. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffac5440000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
  858. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
  859. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
  860. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll)
  861. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
  862. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  863. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  864. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  865. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  866. 568.15fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  867. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffac4e10000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
  868. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  869. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  870. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
  871. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll)
  872. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
  873. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffac5460000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
  874. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
  875. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  876. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
  877. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
  878. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
  879. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  880. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac93a0000 'C:\WINDOWS\System32\kernel32.dll'
  881. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  882. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac6700000 'C:\Windows\System32\WINTRUST.DLL'
  883. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  884. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  885. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\CRYPT32.dll'
  886. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffac9670000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
  887. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\imagehlp.dll)
  888. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imagehlp.dll
  889. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  890. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  891. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  892. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  893. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
  894. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\gpapi.dll)
  895. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gpapi.dll
  896. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffac4750000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
  897. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
  898. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffac5ab0000 LB 0x0001f000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
  899. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\profapi.dll)
  900. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\profapi.dll
  901. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  902. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
  903. 568.15fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptnet.dll)
  904. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptnet.dll
  905. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
  906. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
  907. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  908. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  909. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  910. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  911. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  912. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  913. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  914. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  915. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  916. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  917. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  918. 568.15fc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  919. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffaa6ef0000 LB 0x0002e000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
  920. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  921. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  922. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  923. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa6ef0000 'C:\WINDOWS\System32\cryptnet.dll'
  924. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  925. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  926. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa6ef0000 'C:\WINDOWS\System32\cryptnet.dll'
  927. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  928. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  929. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa6ef0000 'C:\WINDOWS\System32\cryptnet.dll'
  930. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  931. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  932. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa6ef0000 'C:\WINDOWS\System32\cryptnet.dll'
  933. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  934. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  935. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa6ef0000 'C:\WINDOWS\System32\cryptnet.dll'
  936. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  937. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  938. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa6ef0000 'C:\WINDOWS\System32\cryptnet.dll'
  939. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  940. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa6ef0000 'C:\WINDOWS\System32\cryptnet.dll'
  941. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  942. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa6ef0000 'C:\WINDOWS\System32\cryptnet.dll'
  943. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  944. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa6ef0000 'C:\WINDOWS\System32\cryptnet.dll'
  945. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  946. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa6ef0000 'C:\WINDOWS\System32\cryptnet.dll'
  947. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  948. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa6ef0000 'C:\WINDOWS\System32\cryptnet.dll'
  949. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa6ef0000 'C:\WINDOWS\System32\cryptnet.dll'
  950. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  951. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa6ef0000 'C:\Windows\System32\cryptnet.dll'
  952. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  953. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  954. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  955. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  956. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  957. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  958. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
  959. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000012ca190
  960. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012ca190
  961. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=98003193C3DABFC8058E41BA6C80A93085D521AF
  962. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  963. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  964. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9130000 'C:\WINDOWS\System32\rpcrt4.dll'
  965. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
  966. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000012ca010
  967. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012ca010
  968. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=2800FDB99B716FC1E16A8119BF1546C1E180401BA8CD3BBCC8BA050DCC494BB6
  969. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
  970. 568.15fc: g_pfnWinVerifyTrust=00007ffac6709940
  971. 568.15fc: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
  972. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  973. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  974. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  975. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  976. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  977. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  978. 568.15fc: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
  979. 568.15fc: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
  980. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  981. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  982. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  983. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
  984. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  985. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  986. 568.15fc: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\wintrust.dll'
  987. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume1\Windows\System32\cryptnet.dll
  988. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012ca190
  989. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012ca190
  990. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2EB3B5899525BF398A932A3B6257F3B13169332E
  991. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
  992. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000012c9c50
  993. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012c9c50
  994. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2EB3B5899525BF398A932A3B6257F3B13169332E
  995. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
  996. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012ca010
  997. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012ca010
  998. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=B8D9D3FD6DD3F64E7A18AAC4AFDFC7A5597D5A4B7607EFEAAA27B29E48290FEC
  999. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
  1000. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000012c9d10
  1001. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012c9d10
  1002. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=B8D9D3FD6DD3F64E7A18AAC4AFDFC7A5597D5A4B7607EFEAAA27B29E48290FEC
  1003. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
  1004. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
  1005. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
  1006. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1007. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1008. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1009. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
  1010. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1011. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1012. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\profapi.dll'
  1013. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1014. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1015. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1016. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1017. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gpapi.dll'
  1018. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1019. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1020. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1021. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imagehlp.dll'
  1022. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1023. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1024. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1025. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptbase.dll'
  1026. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1027. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1028. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1029. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rsaenh.dll'
  1030. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1031. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1032. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptsp.dll'
  1033. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1034. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1035. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll'
  1036. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1037. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1038. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
  1039. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1040. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
  1041. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1042. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1043. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
  1044. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
  1045. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1046. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1047. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1048. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\sechost.dll'
  1049. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1050. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1051. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ucrtbase.dll'
  1052. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1053. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1054. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
  1055. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1056. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1057. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
  1058. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1059. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1060. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
  1061. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1062. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
  1063. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1064. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe'
  1065. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1066. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1067. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\KernelBase.dll'
  1068. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1069. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1070. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\kernel32.dll'
  1071. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\system32\crypt32.dll'
  1072. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x5d0dd004fa5ce400 CN=Bitdefender Personal CA.avfree000000, OU=IDS, O=Bitdefender, C=US
  1073. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
  1074. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
  1075. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
  1076. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
  1077. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
  1078. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
  1079. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
  1080. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
  1081. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
  1082. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
  1083. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x7d4511bd31e4bf00 O=AO Kaspersky Lab, CN=Kaspersky Anti-Virus Personal Root Certificate
  1084. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
  1085. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
  1086. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
  1087. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xd66525adaaa600 C=JP, O=Japanese Government, OU=GPKI, CN=ApplicationCA2 Root
  1088. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
  1089. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
  1090. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
  1091. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
  1092. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
  1093. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
  1094. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
  1095. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
  1096. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
  1097. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
  1098. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
  1099. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
  1100. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
  1101. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
  1102. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
  1103. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
  1104. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
  1105. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
  1106. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
  1107. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
  1108. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
  1109. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
  1110. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
  1111. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
  1112. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
  1113. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
  1114. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
  1115. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
  1116. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
  1117. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
  1118. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x3eaa756fe759c500 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2
  1119. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
  1120. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
  1121. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
  1122. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
  1123. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
  1124. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
  1125. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
  1126. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
  1127. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
  1128. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
  1129. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
  1130. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
  1131. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
  1132. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
  1133. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
  1134. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
  1135. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
  1136. 568.15fc: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
  1137. 568.15fc: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=65
  1138. 568.15fc: SUPR3HardenedMain: Load Runtime...
  1139. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1140. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  1141. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
  1142. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
  1143. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
  1144. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
  1145. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1146. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1147. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1148. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
  1149. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  1150. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  1151. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1152. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1153. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
  1154. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ws2_32.dll) WinVerifyTrust
  1155. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
  1156. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  1157. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  1158. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1159. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1160. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
  1161. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1162. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  1163. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
  1164. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
  1165. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1166. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1167. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1168. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1169. 568.15fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll'.
  1170. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll)
  1171. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
  1172. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1173. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
  1174. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
  1175. 568.15fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1176. 568.15fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
  1177. 568.15fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
  1178. 568.15fc: supR3HardenedDllNotificationCallback: load 0000000054430000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
  1179. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
  1180. 568.15fc: supR3HardenedDllNotificationCallback: load 0000000054510000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
  1181. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
  1182. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffac8f90000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
  1183. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
  1184. 568.15fc: supR3HardenedDllNotificationCallback: load 00007ffa81ff0000 LB 0x00590000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
  1185. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1186. 568.15fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll'.
  1187. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
  1188. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1189. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1190. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1191. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1192. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1193. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1194. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1195. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1196. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1197. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1198. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1199. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1200. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1201. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1202. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1203. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1204. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1205. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1206. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1207. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1208. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1209. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1210. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1211. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1212. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1213. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1214. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1215. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1216. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1217. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1218. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1219. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1220. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1221. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1222. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1223. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1224. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1225. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1226. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1227. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1228. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1229. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1230. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1231. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1232. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1233. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1234. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1235. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1236. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa81ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1237. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac6700000 'C:\WINDOWS\system32\Wintrust.dll'
  1238. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1239. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1240. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\system32\crypt32.dll'
  1241. 568.15fc: SUPR3HardenedMain: Load TrustedMain...
  1242. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1243. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
  1244. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  1245. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
  1246. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
  1247. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
  1248. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
  1249. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
  1250. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
  1251. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
  1252. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
  1253. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
  1254. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
  1255. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
  1256. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
  1257. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
  1258. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
  1259. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll
  1260. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  1261. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  1262. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1263. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1264. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
  1265. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
  1266. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winmm.dll) WinVerifyTrust
  1267. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winmm.dll
  1268. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  1269. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  1270. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
  1271. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1272. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1273. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
  1274. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
  1275. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
  1276. 568.15fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\winmmbase.dll'.
  1277. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1278. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winmmbase.dll)
  1279. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winmmbase.dll
  1280. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1281. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1282. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
  1283. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1284. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1285. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1286. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
  1287. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
  1288. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
  1289. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\oleaut32.dll) WinVerifyTrust
  1290. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
  1291. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  1292. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  1293. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1294. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1295. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
  1296. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
  1297. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
  1298. 568.15fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\combase.dll'.
  1299. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
  1300. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
  1301. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\combase.dll)
  1302. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\combase.dll
  1303. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  1304. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  1305. 568.15fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\msvcp_win.dll'.
  1306. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msvcp_win.dll)
  1307. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcp_win.dll
  1308. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
  1309. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
  1310. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
  1311. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1312. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1313. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1314. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1315. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
  1316. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'gdi32.dll'.
  1317. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'user32.dll'.
  1318. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
  1319. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ole32.dll) WinVerifyTrust
  1320. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ole32.dll
  1321. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  1322. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  1323. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
  1324. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume1\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
  1325. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\combase.dll [lacks WinVerifyTrust]
  1326. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1327. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1328. 568.15fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\user32.dll'.
  1329. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
  1330. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
  1331. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\user32.dll)
  1332. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll
  1333. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1334. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1335. 568.15fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'.
  1336. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll)
  1337. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll
  1338. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1339. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1340. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1341. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1342. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1343. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
  1344. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume1\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
  1345. 568.15fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\win32u.dll'.
  1346. 568.15fc: '\Device\HarddiskVolume1\Windows\System32\win32u.dll' has no imports
  1347. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\win32u.dll)
  1348. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\win32u.dll
  1349. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1350. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1351. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1352. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'user32.dll'.
  1353. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #76 'gdi32.dll'.
  1354. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\shell32.dll) WinVerifyTrust
  1355. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll
  1356. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1357. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1358. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
  1359. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1360. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1361. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [redoing WinVerifyTrust]
  1362. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1363. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1364. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1365. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1366. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1367. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
  1368. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1369. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1370. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
  1371. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1372. 568.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
  1373. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1374. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1375. 568.15fc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\user32.dll'
  1376. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
  1377. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
  1378. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1379. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
  1380. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
  1381. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
  1382. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
  1383. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
  1384. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
  1385. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
  1386. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
  1387. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1388. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1389. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
  1390. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
  1391. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
  1392. 568.15fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
  1393. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
  1394. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
  1395. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
  1396. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
  1397. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
  1398. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
  1399. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
  1400. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
  1401. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
  1402. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
  1403. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
  1404. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
  1405. 568.15fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
  1406. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
  1407. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
  1408. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  1409. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  1410. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
  1411. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
  1412. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
  1413. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
  1414. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
  1415. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
  1416. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
  1417. 568.15fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
  1418. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
  1419. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
  1420. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
  1421. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
  1422. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
  1423. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
  1424. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
  1425. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
  1426. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
  1427. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1428. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1429. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
  1430. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  1431. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  1432. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
  1433. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  1434. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  1435. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
  1436. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
  1437. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
  1438. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
  1439. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
  1440. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
  1441. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
  1442. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1443. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1444. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
  1445. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1446. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1447. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1448. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1449. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1450. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
  1451. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  1452. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  1453. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
  1454. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
  1455. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
  1456. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
  1457. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1458. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1459. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
  1460. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1461. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1462. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1463. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
  1464. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
  1465. 568.15fc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\opengl32.dll'.
  1466. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1467. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
  1468. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  1469. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
  1470. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
  1471. 568.15fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\opengl32.dll)
  1472. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\opengl32.dll
  1473. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  1474. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  1475. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
  1476. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1477. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1478. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
  1479. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  1480. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  1481. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
  1482. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
  1483. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume1\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
  1484. 568.15fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\mpr.dll'.
  1485. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\mpr.dll)
  1486. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\mpr.dll
  1487. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  1488. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  1489. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
  1490. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1491. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1492. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
  1493. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  1494. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  1495. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
  1496. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  1497. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  1498. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
  1499. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1500. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1501. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
  1502. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
  1503. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume1\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
  1504. 568.15fc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\glu32.dll'.
  1505. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1506. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
  1507. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
  1508. 568.15fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\glu32.dll)
  1509. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\glu32.dll
  1510. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1511. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1512. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1513. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1514. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1515. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
  1516. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1517. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1518. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
  1519. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1520. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1521. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
  1522. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
  1523. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
  1524. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
  1525. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1526. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1527. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
  1528. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1529. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1530. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1531. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
  1532. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
  1533. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
  1534. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
  1535. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
  1536. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
  1537. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
  1538. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
  1539. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
  1540. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
  1541. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
  1542. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
  1543. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
  1544. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1545. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1546. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
  1547. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
  1548. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
  1549. 568.15fc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll'.
  1550. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1551. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
  1552. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'shlwapi.dll'.
  1553. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
  1554. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'comctl32.dll'.
  1555. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'shell32.dll'.
  1556. 568.15fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\comdlg32.dll)
  1557. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
  1558. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
  1559. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume1\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
  1560. 568.15fc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\winspool.drv'.
  1561. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1562. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'propsys.dll'.
  1563. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'iphlpapi.dll'.
  1564. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'bcrypt.dll'.
  1565. 568.15fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\winspool.drv)
  1566. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winspool.drv
  1567. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
  1568. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
  1569. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
  1570. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
  1571. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
  1572. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
  1573. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
  1574. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
  1575. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
  1576. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1577. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1578. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
  1579. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1580. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1581. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1582. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  1583. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  1584. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll
  1585. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
  1586. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
  1587. 568.15fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL'.
  1588. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL)
  1589. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
  1590. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
  1591. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume1\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
  1592. 568.15fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\propsys.dll'.
  1593. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1594. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
  1595. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
  1596. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\propsys.dll)
  1597. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\propsys.dll
  1598. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1599. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1600. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  1601. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  1602. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
  1603. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
  1604. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
  1605. 568.15fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\comctl32.dll'.
  1606. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
  1607. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  1608. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  1609. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\comctl32.dll)
  1610. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comctl32.dll
  1611. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1612. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1613. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1614. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
  1615. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
  1616. 568.15fc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'.
  1617. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
  1618. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
  1619. 568.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
  1620. 568.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll)
  1621. 568.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
  1622. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1623. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1624. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1625. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1626. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1627. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1628. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1629. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1630. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1631. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1632. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1633. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1634. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1635. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1636. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1637. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1638. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1639. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1640. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
  1641. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1642. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1643. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  1644. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  1645. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
  1646. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1647. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1648. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1649. 568.15fc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
  1650. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
  1651. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
  1652. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
  1653. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1654. 568.15fc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
  1655. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
  1656. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
  1657. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
  1658. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1659. 568.15fc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
  1660. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1661. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1662. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
  1663. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1664. 568.15fc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll'
  1665. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  1666. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  1667. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
  1668. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  1669. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  1670. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
  1671. 568.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
  1672. 568.15fc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
  1673. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000448 pwszName=\Device\HarddiskVolume1\Windows\System32\opengl32.dll
  1674. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012c9c50
  1675. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012c9c50
  1676. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=19A1CD90C2208B3BD0567A538CC10CADA852F417
  1677. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
  1678. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000012ca3d0
  1679. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012ca3d0
  1680. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=19A1CD90C2208B3BD0567A538CC10CADA852F417
  1681. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
  1682. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012c9d10
  1683. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012c9d10
  1684. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=519D02D685C6123F2936ED547F838F95C1A149900D4AC28895CC18D497D553DD
  1685. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
  1686. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000012ca610
  1687. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012ca610
  1688. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=519D02D685C6123F2936ED547F838F95C1A149900D4AC28895CC18D497D553DD
  1689. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
  1690. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
  1691. 568.15fc: supR3HardenedScreenImage/Imports: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\opengl32.dll'
  1692. 568.15fc: Error (rc=0):
  1693. 568.15fc: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume1\Windows\System32\opengl32.dll
  1694. 568.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
  1695. 568.15fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll
  1696. 568.15fc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
  1697. 568.15fc: Error (rc=0):
  1698. 568.15fc: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x10 fAccess=0xf cHits=3 \Device\HarddiskVolume1\Windows\System32\opengl32.dll
  1699. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
  1700. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1701. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1702. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
  1703. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1704. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1705. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\comctl32.dll'
  1706. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1707. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1708. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\propsys.dll'
  1709. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1710. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1711. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL'
  1712. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000454 pwszName=\Device\HarddiskVolume1\Windows\System32\winspool.drv
  1713. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012ca3d0
  1714. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012ca3d0
  1715. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=70C8F85EBF9C178A82E4B3642D1F96438D2C73D6
  1716. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
  1717. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000012c9b90
  1718. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012c9b90
  1719. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=70C8F85EBF9C178A82E4B3642D1F96438D2C73D6
  1720. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
  1721. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012ca610
  1722. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012ca610
  1723. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=56C498D1229AF71FBD24C881AE10778EE3C7986D0991B5810AE6772B15DE2637
  1724. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
  1725. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000012c9a10
  1726. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012c9a10
  1727. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=56C498D1229AF71FBD24C881AE10778EE3C7986D0991B5810AE6772B15DE2637
  1728. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
  1729. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
  1730. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\winspool.drv'
  1731. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000408 pwszName=\Device\HarddiskVolume1\Windows\System32\comdlg32.dll
  1732. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012c9b90
  1733. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012c9b90
  1734. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6868B70823C29BB44065B2BB121FA81DF77F96EB
  1735. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
  1736. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000012c9950
  1737. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012c9950
  1738. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6868B70823C29BB44065B2BB121FA81DF77F96EB
  1739. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
  1740. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012c9a10
  1741. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012c9a10
  1742. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=63ECF711A8104A4BC60C47A865D35F89EBF548B9B220D63EE3C6BDE8A2387743
  1743. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
  1744. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000012ca610
  1745. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012ca610
  1746. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=63ECF711A8104A4BC60C47A865D35F89EBF548B9B220D63EE3C6BDE8A2387743
  1747. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
  1748. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
  1749. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll'
  1750. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000428 pwszName=\Device\HarddiskVolume1\Windows\System32\glu32.dll
  1751. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012c9950
  1752. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012c9950
  1753. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AEBDA7F9CE62121C5283368BCE33004ECEC2C78B
  1754. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
  1755. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000012c9f50
  1756. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012c9f50
  1757. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AEBDA7F9CE62121C5283368BCE33004ECEC2C78B
  1758. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
  1759. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000012ca610
  1760. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012ca610
  1761. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=95DB3FD6A8C821B003E69EFA5D89F9886A0388D3BB7271DCCC30CEEB42F1E033
  1762. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
  1763. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000012ca010
  1764. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000012ca010
  1765. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=95DB3FD6A8C821B003E69EFA5D89F9886A0388D3BB7271DCCC30CEEB42F1E033
  1766. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
  1767. 568.15fc: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
  1768. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\glu32.dll'
  1769. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1770. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1771. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\mpr.dll'
  1772. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1773. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1774. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\win32u.dll'
  1775. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1776. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1777. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
  1778. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1779. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1780. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msvcp_win.dll'
  1781. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1782. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1783. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\combase.dll'
  1784. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4e10000 'C:\WINDOWS\system32\rsaenh.dll'
  1785. 568.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac69a0000 'C:\WINDOWS\System32\crypt32.dll'
  1786. 568.15fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\winmmbase.dll'
  1787. 568.15fc: Fatal error:
  1788. 568.15fc: supR3HardenedMainGetTrustedMain: LoadLibrary "C:\Program Files\Oracle\VirtualBox/VirtualBox.dll" failed, rc=1790
  1789. ddc.1f3c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1869 ms, the end);
  1790. e8.55c: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2598 ms, the end);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!