API tools faq
paste
Advertisement
Guest User

VBoxHardening.log

a guest
May 5th, 2018
377
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 179.89 KB | None | 0 0
raw download clone embed print report
  1. 1318.131c: Log file opened: 5.2.10r122406 g_hStartupLog=0000000000000010 g_uNtVerCombined=0x63258000
  2. 1318.131c: \SystemRoot\System32\ntdll.dll:
  3. 1318.131c: CreationTime: 2018-04-30T06:07:01.677410000Z
  4. 1318.131c: LastWriteTime: 2018-03-09T21:20:47.469387600Z
  5. 1318.131c: ChangeTime: 2018-04-30T14:46:08.788455400Z
  6. 1318.131c: FileAttributes: 0x20
  7. 1318.131c: Size: 0x1a8378
  8. 1318.131c: NT Headers: 0xd8
  9. 1318.131c: Timestamp: 0x5aa29ff0
  10. 1318.131c: Machine: 0x8664 - amd64
  11. 1318.131c: Timestamp: 0x5aa29ff0
  12. 1318.131c: Image Version: 6.3
  13. 1318.131c: SizeOfImage: 0x1ad000 (1757184)
  14. 1318.131c: Resource Dir: 0x149000 LB 0x62558
  15. 1318.131c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
  16. 1318.131c: [Raw version resource data: 0x1490f0 LB 0x380, codepage 0x0 (reserved 0x0)]
  17. 1318.131c: ProductName: Microsoft® Windows® Operating System
  18. 1318.131c: ProductVersion: 6.3.9600.18969
  19. 1318.131c: FileVersion: 6.3.9600.18969 (winblue_ltsb.180309-0600)
  20. 1318.131c: FileDescription: NT Layer DLL
  21. 1318.131c: \SystemRoot\System32\kernel32.dll:
  22. 1318.131c: CreationTime: 2018-04-30T06:10:41.089073400Z
  23. 1318.131c: LastWriteTime: 2014-10-29T04:09:24.572407200Z
  24. 1318.131c: ChangeTime: 2018-04-30T14:46:55.333798600Z
  25. 1318.131c: FileAttributes: 0x20
  26. 1318.131c: Size: 0x13fc30
  27. 1318.131c: NT Headers: 0xf8
  28. 1318.131c: Timestamp: 0x545054ca
  29. 1318.131c: Machine: 0x8664 - amd64
  30. 1318.131c: Timestamp: 0x545054ca
  31. 1318.131c: Image Version: 6.3
  32. 1318.131c: SizeOfImage: 0x13e000 (1302528)
  33. 1318.131c: Resource Dir: 0x12e000 LB 0x518
  34. 1318.131c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  35. 1318.131c: [Raw version resource data: 0x12e0b0 LB 0x3a0, codepage 0x0 (reserved 0x0)]
  36. 1318.131c: ProductName: Microsoft® Windows® Operating System
  37. 1318.131c: ProductVersion: 6.3.9600.17415
  38. 1318.131c: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
  39. 1318.131c: FileDescription: Windows NT BASE API Client DLL
  40. 1318.131c: \SystemRoot\System32\KernelBase.dll:
  41. 1318.131c: CreationTime: 2018-04-30T06:07:02.600644600Z
  42. 1318.131c: LastWriteTime: 2018-02-10T01:25:42.672992200Z
  43. 1318.131c: ChangeTime: 2018-04-30T14:46:55.724423100Z
  44. 1318.131c: FileAttributes: 0x20
  45. 1318.131c: Size: 0x115cd0
  46. 1318.131c: NT Headers: 0xf0
  47. 1318.131c: Timestamp: 0x5a7ddf0a
  48. 1318.131c: Machine: 0x8664 - amd64
  49. 1318.131c: Timestamp: 0x5a7ddf0a
  50. 1318.131c: Image Version: 6.3
  51. 1318.131c: SizeOfImage: 0x116000 (1138688)
  52. 1318.131c: Resource Dir: 0x111000 LB 0x3530
  53. 1318.131c: [Version info resource found at 0x108! (ID/Name: 0x1; SubID/SubName: 0x409)]
  54. 1318.131c: [Raw version resource data: 0x111120 LB 0x3bc, codepage 0x0 (reserved 0x0)]
  55. 1318.131c: ProductName: Microsoft® Windows® Operating System
  56. 1318.131c: ProductVersion: 6.3.9600.18938
  57. 1318.131c: FileVersion: 6.3.9600.18938 (winblue_ltsb.180209-0600)
  58. 1318.131c: FileDescription: Windows NT BASE API Client DLL
  59. 1318.131c: \SystemRoot\System32\apisetschema.dll:
  60. 1318.131c: CreationTime: 2018-04-30T06:06:53.869864200Z
  61. 1318.131c: LastWriteTime: 2016-10-10T18:18:15.035158100Z
  62. 1318.131c: ChangeTime: 2018-04-30T14:45:53.490360300Z
  63. 1318.131c: FileAttributes: 0x20
  64. 1318.131c: Size: 0x11158
  65. 1318.131c: NT Headers: 0xd0
  66. 1318.131c: Timestamp: 0x57fa67ee
  67. 1318.131c: Machine: 0x8664 - amd64
  68. 1318.131c: Timestamp: 0x57fa67ee
  69. 1318.131c: Image Version: 6.3
  70. 1318.131c: SizeOfImage: 0x12000 (73728)
  71. 1318.131c: Resource Dir: 0x11000 LB 0x3f8
  72. 1318.131c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  73. 1318.131c: [Raw version resource data: 0x11060 LB 0x398, codepage 0x0 (reserved 0x0)]
  74. 1318.131c: ProductName: Microsoft® Windows® Operating System
  75. 1318.131c: ProductVersion: 6.3.9600.18513
  76. 1318.131c: FileVersion: 6.3.9600.18513 (winblue_ltsb.161009-0600)
  77. 1318.131c: FileDescription: ApiSet Schema DLL
  78. 1318.131c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
  79. 1318.131c: supR3HardenedWinFindAdversaries: 0x0
  80. 1318.131c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
  81. 1318.131c: Calling main()
  82. 1318.131c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  83. 1318.131c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
  84. 1318.131c: SUPR3HardenedMain: Respawn #1
  85. 1318.131c: System32: \Device\HarddiskVolume5\Windows\System32
  86. 1318.131c: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
  87. 1318.131c: KnownDllPath: C:\Windows\system32
  88. 1318.131c: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  89. 1318.131c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  90. 1318.131c: supR3HardNtEnableThreadCreation:
  91. 1318.131c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd1c068c90 pvNtTerminateThread=00007ffd1c0e0c80
  92. 1318.131c: supR3HardenedWinDoReSpawn(1): New child 1328.132c [kernel32].
  93. 1318.131c: supR3HardNtChildGatherData: PebBaseAddress=00007ff6a8495000 cbPeb=0x388
  94. 1318.131c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd1c050000 uNtDllChildAddr=00007ffd1c050000
  95. 1318.131c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd1c068c90
  96. 1318.131c: supR3HardenedWinSetupChildInit: Start child.
  97. 1318.131c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
  98. 1318.131c: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 31 sleeps
  99. 1318.131c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  100. 1318.131c: *0000000000000000-0000000000aeffff 0x0001/0x0000 0x0000000
  101. 1318.131c: *0000000000af0000-0000000000b0ffff 0x0004/0x0004 0x0020000
  102. 1318.131c: *0000000000b10000-0000000000b1efff 0x0002/0x0002 0x0040000
  103. 1318.131c: 0000000000b1f000-0000000000b1ffff 0x0001/0x0000 0x0000000
  104. 1318.131c: *0000000000b20000-0000000000c1afff 0x0000/0x0004 0x0020000
  105. 1318.131c: 0000000000c1b000-0000000000c1dfff 0x0104/0x0004 0x0020000
  106. 1318.131c: 0000000000c1e000-0000000000c1ffff 0x0004/0x0004 0x0020000
  107. 1318.131c: *0000000000c20000-0000000000c23fff 0x0002/0x0002 0x0040000
  108. 1318.131c: 0000000000c24000-0000000000c2ffff 0x0001/0x0000 0x0000000
  109. 1318.131c: *0000000000c30000-0000000000c31fff 0x0004/0x0004 0x0020000
  110. 1318.131c: 0000000000c32000-000000007ffdffff 0x0001/0x0000 0x0000000
  111. 1318.131c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
  112. 1318.131c: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
  113. 1318.131c: 000000007fff0000-00007ff6a846ffff 0x0001/0x0000 0x0000000
  114. 1318.131c: *00007ff6a8470000-00007ff6a8492fff 0x0002/0x0002 0x0040000
  115. 1318.131c: 00007ff6a8493000-00007ff6a8494fff 0x0001/0x0000 0x0000000
  116. 1318.131c: *00007ff6a8495000-00007ff6a8495fff 0x0004/0x0004 0x0020000
  117. 1318.131c: 00007ff6a8496000-00007ff6a849dfff 0x0001/0x0000 0x0000000
  118. 1318.131c: *00007ff6a849e000-00007ff6a849ffff 0x0004/0x0004 0x0020000
  119. 1318.131c: 00007ff6a84a0000-00007ff6a899ffff 0x0001/0x0000 0x0000000
  120. 1318.131c: *00007ff6a89a0000-00007ff6a89a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  121. 1318.131c: 00007ff6a89a1000-00007ff6a8a11fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  122. 1318.131c: 00007ff6a8a12000-00007ff6a8a12fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  123. 1318.131c: 00007ff6a8a13000-00007ff6a8a58fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  124. 1318.131c: 00007ff6a8a59000-00007ff6a8a59fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  125. 1318.131c: 00007ff6a8a5a000-00007ff6a8a5afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  126. 1318.131c: 00007ff6a8a5b000-00007ff6a8a5ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  127. 1318.131c: 00007ff6a8a60000-00007ff6a8a60fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  128. 1318.131c: 00007ff6a8a61000-00007ff6a8a61fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  129. 1318.131c: 00007ff6a8a62000-00007ff6a8a65fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  130. 1318.131c: 00007ff6a8a66000-00007ff6a8aadfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  131. 1318.131c: 00007ff6a8aae000-00007ffd1c04ffff 0x0001/0x0000 0x0000000
  132. 1318.131c: *00007ffd1c050000-00007ffd1c050fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  133. 1318.131c: 00007ffd1c051000-00007ffd1c17dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  134. 1318.131c: 00007ffd1c17e000-00007ffd1c183fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  135. 1318.131c: 00007ffd1c184000-00007ffd1c190fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  136. 1318.131c: 00007ffd1c191000-00007ffd1c191fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  137. 1318.131c: 00007ffd1c192000-00007ffd1c194fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  138. 1318.131c: 00007ffd1c195000-00007ffd1c195fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  139. 1318.131c: 00007ffd1c196000-00007ffd1c1fcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  140. 1318.131c: 00007ffd1c1fd000-00007ffffffdffff 0x0001/0x0000 0x0000000
  141. 1318.131c: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
  142. 1318.131c: VirtualBox.exe: timestamp 0x5ae2efeb (rc=VINF_SUCCESS)
  143. 1318.131c: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  144. 1318.131c: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
  145. 1318.131c: supR3HardNtChildPurify: Done after 298 ms and 0 fixes (loop #0).
  146. 1328.132c: Log file opened: 5.2.10r122406 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
  147. 1328.132c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd1c050000 g_uNtVerCombined=0x63258000
  148. 1328.132c: ntdll.dll: timestamp 0x5aa29ff0 (rc=VINF_SUCCESS)
  149. 1328.132c: New simple heap: #1 0000000000d40000 LB 0x400000 (for 1757184 allocation)
  150. 1318.131c: supR3HardNtEnableThreadCreation:
  151. 1328.132c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
  152. 1328.132c: System32: \Device\HarddiskVolume5\Windows\System32
  153. 1328.132c: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
  154. 1328.132c: KnownDllPath: C:\Windows\system32
  155. 1328.132c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
  156. 1328.132c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  157. 1328.132c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  158. 1328.132c: Registered Dll notification callback with NTDLL.
  159. 1328.132c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
  160. 1328.132c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll
  161. 1328.132c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
  162. 1328.132c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  163. 1328.132c: supR3HardenedDllNotificationCallback: load 00007ffd195c0000 LB 0x00116000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
  164. 1328.132c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
  165. 1328.132c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
  166. 1328.132c: supR3HardenedDllNotificationCallback: load 00007ffd1b550000 LB 0x0013e000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
  167. 1328.132c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  168. 1328.132c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd1b550000 'C:\Windows\system32\KERNEL32.DLL'
  169. 1328.132c: supR3HardenedDllNotificationCallback: load 00007ff6a89a0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
  170. 1328.132c: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  171. 1328.132c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  172. 1328.132c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  173. 1328.132c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd1c068c90 pvNtTerminateThread=00007ffd1c0e0c80
  174. 1318.131c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 80 ms.
  175. 1328.132c: \SystemRoot\System32\ntdll.dll:
  176. 1328.132c: CreationTime: 2018-04-30T06:07:01.677410000Z
  177. 1328.132c: LastWriteTime: 2018-03-09T21:20:47.469387600Z
  178. 1328.132c: ChangeTime: 2018-04-30T14:46:08.788455400Z
  179. 1328.132c: FileAttributes: 0x20
  180. 1328.132c: Size: 0x1a8378
  181. 1328.132c: NT Headers: 0xd8
  182. 1328.132c: Timestamp: 0x5aa29ff0
  183. 1328.132c: Machine: 0x8664 - amd64
  184. 1328.132c: Timestamp: 0x5aa29ff0
  185. 1328.132c: Image Version: 6.3
  186. 1328.132c: SizeOfImage: 0x1ad000 (1757184)
  187. 1328.132c: Resource Dir: 0x149000 LB 0x62558
  188. 1328.132c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
  189. 1328.132c: [Raw version resource data: 0x1490f0 LB 0x380, codepage 0x0 (reserved 0x0)]
  190. 1328.132c: ProductName: Microsoft® Windows® Operating System
  191. 1328.132c: ProductVersion: 6.3.9600.18969
  192. 1328.132c: FileVersion: 6.3.9600.18969 (winblue_ltsb.180309-0600)
  193. 1328.132c: FileDescription: NT Layer DLL
  194. 1328.132c: \SystemRoot\System32\kernel32.dll:
  195. 1328.132c: CreationTime: 2018-04-30T06:10:41.089073400Z
  196. 1328.132c: LastWriteTime: 2014-10-29T04:09:24.572407200Z
  197. 1328.132c: ChangeTime: 2018-04-30T14:46:55.333798600Z
  198. 1328.132c: FileAttributes: 0x20
  199. 1328.132c: Size: 0x13fc30
  200. 1328.132c: NT Headers: 0xf8
  201. 1328.132c: Timestamp: 0x545054ca
  202. 1328.132c: Machine: 0x8664 - amd64
  203. 1328.132c: Timestamp: 0x545054ca
  204. 1328.132c: Image Version: 6.3
  205. 1328.132c: SizeOfImage: 0x13e000 (1302528)
  206. 1328.132c: Resource Dir: 0x12e000 LB 0x518
  207. 1328.132c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  208. 1328.132c: [Raw version resource data: 0x12e0b0 LB 0x3a0, codepage 0x0 (reserved 0x0)]
  209. 1328.132c: ProductName: Microsoft® Windows® Operating System
  210. 1328.132c: ProductVersion: 6.3.9600.17415
  211. 1328.132c: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
  212. 1328.132c: FileDescription: Windows NT BASE API Client DLL
  213. 1328.132c: \SystemRoot\System32\KernelBase.dll:
  214. 1328.132c: CreationTime: 2018-04-30T06:07:02.600644600Z
  215. 1328.132c: LastWriteTime: 2018-02-10T01:25:42.672992200Z
  216. 1328.132c: ChangeTime: 2018-04-30T14:46:55.724423100Z
  217. 1328.132c: FileAttributes: 0x20
  218. 1328.132c: Size: 0x115cd0
  219. 1328.132c: NT Headers: 0xf0
  220. 1328.132c: Timestamp: 0x5a7ddf0a
  221. 1328.132c: Machine: 0x8664 - amd64
  222. 1328.132c: Timestamp: 0x5a7ddf0a
  223. 1328.132c: Image Version: 6.3
  224. 1328.132c: SizeOfImage: 0x116000 (1138688)
  225. 1328.132c: Resource Dir: 0x111000 LB 0x3530
  226. 1328.132c: [Version info resource found at 0x108! (ID/Name: 0x1; SubID/SubName: 0x409)]
  227. 1328.132c: [Raw version resource data: 0x111120 LB 0x3bc, codepage 0x0 (reserved 0x0)]
  228. 1328.132c: ProductName: Microsoft® Windows® Operating System
  229. 1328.132c: ProductVersion: 6.3.9600.18938
  230. 1328.132c: FileVersion: 6.3.9600.18938 (winblue_ltsb.180209-0600)
  231. 1328.132c: FileDescription: Windows NT BASE API Client DLL
  232. 1328.132c: \SystemRoot\System32\apisetschema.dll:
  233. 1328.132c: CreationTime: 2018-04-30T06:06:53.869864200Z
  234. 1328.132c: LastWriteTime: 2016-10-10T18:18:15.035158100Z
  235. 1328.132c: ChangeTime: 2018-04-30T14:45:53.490360300Z
  236. 1328.132c: FileAttributes: 0x20
  237. 1328.132c: Size: 0x11158
  238. 1328.132c: NT Headers: 0xd0
  239. 1328.132c: Timestamp: 0x57fa67ee
  240. 1328.132c: Machine: 0x8664 - amd64
  241. 1328.132c: Timestamp: 0x57fa67ee
  242. 1328.132c: Image Version: 6.3
  243. 1328.132c: SizeOfImage: 0x12000 (73728)
  244. 1328.132c: Resource Dir: 0x11000 LB 0x3f8
  245. 1328.132c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  246. 1328.132c: [Raw version resource data: 0x11060 LB 0x398, codepage 0x0 (reserved 0x0)]
  247. 1328.132c: ProductName: Microsoft® Windows® Operating System
  248. 1328.132c: ProductVersion: 6.3.9600.18513
  249. 1328.132c: FileVersion: 6.3.9600.18513 (winblue_ltsb.161009-0600)
  250. 1328.132c: FileDescription: ApiSet Schema DLL
  251. 1328.132c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
  252. 1328.132c: supR3HardenedWinFindAdversaries: 0x0
  253. 1328.132c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
  254. 1328.132c: Calling main()
  255. 1328.132c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  256. 1328.132c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
  257. 1328.132c: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  258. 1328.132c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  259. 1328.132c: SUPR3HardenedMain: Respawn #2
  260. 1328.132c: supR3HardNtEnableThreadCreation:
  261. 1328.132c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd1c068c90 pvNtTerminateThread=00007ffd1c0e0c80
  262. 1328.132c: supR3HardenedWinDoReSpawn(2): New child 1330.1334 [kernel32].
  263. 1328.132c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
  264. 1328.132c: supR3HardNtChildGatherData: PebBaseAddress=00007ff6a88ba000 cbPeb=0x388
  265. 1328.132c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd1c050000 uNtDllChildAddr=00007ffd1c050000
  266. 1328.132c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd1c068c90
  267. 1328.132c: supR3HardenedWinSetupChildInit: Start child.
  268. 1328.132c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
  269. 1328.132c: supR3HardNtChildPurify: Startup delay kludge #1/0: 257 ms, 30 sleeps
  270. 1328.132c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  271. 1328.132c: *0000000000000000-000000000030ffff 0x0001/0x0000 0x0000000
  272. 1328.132c: *0000000000310000-000000000032ffff 0x0004/0x0004 0x0020000
  273. 1328.132c: *0000000000330000-000000000033efff 0x0002/0x0002 0x0040000
  274. 1328.132c: 000000000033f000-000000000033ffff 0x0001/0x0000 0x0000000
  275. 1328.132c: *0000000000340000-000000000043afff 0x0000/0x0004 0x0020000
  276. 1328.132c: 000000000043b000-000000000043dfff 0x0104/0x0004 0x0020000
  277. 1328.132c: 000000000043e000-000000000043ffff 0x0004/0x0004 0x0020000
  278. 1328.132c: *0000000000440000-0000000000443fff 0x0002/0x0002 0x0040000
  279. 1328.132c: 0000000000444000-000000000044ffff 0x0001/0x0000 0x0000000
  280. 1328.132c: *0000000000450000-0000000000451fff 0x0004/0x0004 0x0020000
  281. 1328.132c: 0000000000452000-000000007ffdffff 0x0001/0x0000 0x0000000
  282. 1328.132c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
  283. 1328.132c: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
  284. 1328.132c: 000000007fff0000-00007ff6a888ffff 0x0001/0x0000 0x0000000
  285. 1328.132c: *00007ff6a8890000-00007ff6a88b2fff 0x0002/0x0002 0x0040000
  286. 1328.132c: 00007ff6a88b3000-00007ff6a88b9fff 0x0001/0x0000 0x0000000
  287. 1328.132c: *00007ff6a88ba000-00007ff6a88bafff 0x0004/0x0004 0x0020000
  288. 1328.132c: 00007ff6a88bb000-00007ff6a88bdfff 0x0001/0x0000 0x0000000
  289. 1328.132c: *00007ff6a88be000-00007ff6a88bffff 0x0004/0x0004 0x0020000
  290. 1328.132c: 00007ff6a88c0000-00007ff6a899ffff 0x0001/0x0000 0x0000000
  291. 1328.132c: *00007ff6a89a0000-00007ff6a89a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  292. 1328.132c: 00007ff6a89a1000-00007ff6a8a11fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  293. 1328.132c: 00007ff6a8a12000-00007ff6a8a12fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  294. 1328.132c: 00007ff6a8a13000-00007ff6a8a58fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  295. 1328.132c: 00007ff6a8a59000-00007ff6a8a59fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  296. 1328.132c: 00007ff6a8a5a000-00007ff6a8a5afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  297. 1328.132c: 00007ff6a8a5b000-00007ff6a8a5ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  298. 1328.132c: 00007ff6a8a60000-00007ff6a8a60fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  299. 1328.132c: 00007ff6a8a61000-00007ff6a8a61fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  300. 1328.132c: 00007ff6a8a62000-00007ff6a8a65fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  301. 1328.132c: 00007ff6a8a66000-00007ff6a8aadfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  302. 1328.132c: 00007ff6a8aae000-00007ffd1c04ffff 0x0001/0x0000 0x0000000
  303. 1328.132c: *00007ffd1c050000-00007ffd1c050fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  304. 1328.132c: 00007ffd1c051000-00007ffd1c17dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  305. 1328.132c: 00007ffd1c17e000-00007ffd1c183fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  306. 1328.132c: 00007ffd1c184000-00007ffd1c190fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  307. 1328.132c: 00007ffd1c191000-00007ffd1c191fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  308. 1328.132c: 00007ffd1c192000-00007ffd1c194fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  309. 1328.132c: 00007ffd1c195000-00007ffd1c195fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  310. 1328.132c: 00007ffd1c196000-00007ffd1c1fcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  311. 1328.132c: 00007ffd1c1fd000-00007ffffffdffff 0x0001/0x0000 0x0000000
  312. 1328.132c: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
  313. 1328.132c: VirtualBox.exe: timestamp 0x5ae2efeb (rc=VINF_SUCCESS)
  314. 1328.132c: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  315. 1328.132c: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
  316. 1328.132c: supR3HardNtChildPurify: Done after 291 ms and 0 fixes (loop #0).
  317. 1330.1334: Log file opened: 5.2.10r122406 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
  318. 1330.1334: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd1c050000 g_uNtVerCombined=0x63258000
  319. 1330.1334: ntdll.dll: timestamp 0x5aa29ff0 (rc=VINF_SUCCESS)
  320. 1330.1334: New simple heap: #1 0000000000560000 LB 0x400000 (for 1757184 allocation)
  321. 1328.132c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000d40000 LB 0x400000)
  322. 1328.132c: supR3HardNtEnableThreadCreation:
  323. 1330.1334: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
  324. 1330.1334: System32: \Device\HarddiskVolume5\Windows\System32
  325. 1330.1334: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
  326. 1330.1334: KnownDllPath: C:\Windows\system32
  327. 1330.1334: supR3HardenedVmProcessInit: Opening vboxdrv...
  328. 1330.1334: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  329. 1330.1334: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  330. 1330.1334: Registered Dll notification callback with NTDLL.
  331. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
  332. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll
  333. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
  334. 1330.1334: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  335. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd195c0000 LB 0x00116000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
  336. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
  337. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
  338. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd1b550000 LB 0x0013e000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
  339. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  340. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd1b550000 'C:\Windows\system32\KERNEL32.DLL'
  341. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ff6a89a0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
  342. 1330.1334: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  343. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  344. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
  345. 1330.1334: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd1c068c90 pvNtTerminateThread=00007ffd1c0e0c80
  346. 1328.132c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 79 ms.
  347. 1330.1334: \SystemRoot\System32\ntdll.dll:
  348. 1330.1334: CreationTime: 2018-04-30T06:07:01.677410000Z
  349. 1330.1334: LastWriteTime: 2018-03-09T21:20:47.469387600Z
  350. 1330.1334: ChangeTime: 2018-04-30T14:46:08.788455400Z
  351. 1330.1334: FileAttributes: 0x20
  352. 1330.1334: Size: 0x1a8378
  353. 1330.1334: NT Headers: 0xd8
  354. 1330.1334: Timestamp: 0x5aa29ff0
  355. 1330.1334: Machine: 0x8664 - amd64
  356. 1330.1334: Timestamp: 0x5aa29ff0
  357. 1330.1334: Image Version: 6.3
  358. 1330.1334: SizeOfImage: 0x1ad000 (1757184)
  359. 1330.1334: Resource Dir: 0x149000 LB 0x62558
  360. 1330.1334: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
  361. 1330.1334: [Raw version resource data: 0x1490f0 LB 0x380, codepage 0x0 (reserved 0x0)]
  362. 1330.1334: ProductName: Microsoft® Windows® Operating System
  363. 1330.1334: ProductVersion: 6.3.9600.18969
  364. 1330.1334: FileVersion: 6.3.9600.18969 (winblue_ltsb.180309-0600)
  365. 1330.1334: FileDescription: NT Layer DLL
  366. 1330.1334: \SystemRoot\System32\kernel32.dll:
  367. 1330.1334: CreationTime: 2018-04-30T06:10:41.089073400Z
  368. 1330.1334: LastWriteTime: 2014-10-29T04:09:24.572407200Z
  369. 1330.1334: ChangeTime: 2018-04-30T14:46:55.333798600Z
  370. 1330.1334: FileAttributes: 0x20
  371. 1330.1334: Size: 0x13fc30
  372. 1330.1334: NT Headers: 0xf8
  373. 1330.1334: Timestamp: 0x545054ca
  374. 1330.1334: Machine: 0x8664 - amd64
  375. 1330.1334: Timestamp: 0x545054ca
  376. 1330.1334: Image Version: 6.3
  377. 1330.1334: SizeOfImage: 0x13e000 (1302528)
  378. 1330.1334: Resource Dir: 0x12e000 LB 0x518
  379. 1330.1334: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  380. 1330.1334: [Raw version resource data: 0x12e0b0 LB 0x3a0, codepage 0x0 (reserved 0x0)]
  381. 1330.1334: ProductName: Microsoft® Windows® Operating System
  382. 1330.1334: ProductVersion: 6.3.9600.17415
  383. 1330.1334: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
  384. 1330.1334: FileDescription: Windows NT BASE API Client DLL
  385. 1330.1334: \SystemRoot\System32\KernelBase.dll:
  386. 1330.1334: CreationTime: 2018-04-30T06:07:02.600644600Z
  387. 1330.1334: LastWriteTime: 2018-02-10T01:25:42.672992200Z
  388. 1330.1334: ChangeTime: 2018-04-30T14:46:55.724423100Z
  389. 1330.1334: FileAttributes: 0x20
  390. 1330.1334: Size: 0x115cd0
  391. 1330.1334: NT Headers: 0xf0
  392. 1330.1334: Timestamp: 0x5a7ddf0a
  393. 1330.1334: Machine: 0x8664 - amd64
  394. 1330.1334: Timestamp: 0x5a7ddf0a
  395. 1330.1334: Image Version: 6.3
  396. 1330.1334: SizeOfImage: 0x116000 (1138688)
  397. 1330.1334: Resource Dir: 0x111000 LB 0x3530
  398. 1330.1334: [Version info resource found at 0x108! (ID/Name: 0x1; SubID/SubName: 0x409)]
  399. 1330.1334: [Raw version resource data: 0x111120 LB 0x3bc, codepage 0x0 (reserved 0x0)]
  400. 1330.1334: ProductName: Microsoft® Windows® Operating System
  401. 1330.1334: ProductVersion: 6.3.9600.18938
  402. 1330.1334: FileVersion: 6.3.9600.18938 (winblue_ltsb.180209-0600)
  403. 1330.1334: FileDescription: Windows NT BASE API Client DLL
  404. 1330.1334: \SystemRoot\System32\apisetschema.dll:
  405. 1330.1334: CreationTime: 2018-04-30T06:06:53.869864200Z
  406. 1330.1334: LastWriteTime: 2016-10-10T18:18:15.035158100Z
  407. 1330.1334: ChangeTime: 2018-04-30T14:45:53.490360300Z
  408. 1330.1334: FileAttributes: 0x20
  409. 1330.1334: Size: 0x11158
  410. 1330.1334: NT Headers: 0xd0
  411. 1330.1334: Timestamp: 0x57fa67ee
  412. 1330.1334: Machine: 0x8664 - amd64
  413. 1330.1334: Timestamp: 0x57fa67ee
  414. 1330.1334: Image Version: 6.3
  415. 1330.1334: SizeOfImage: 0x12000 (73728)
  416. 1330.1334: Resource Dir: 0x11000 LB 0x3f8
  417. 1330.1334: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  418. 1330.1334: [Raw version resource data: 0x11060 LB 0x398, codepage 0x0 (reserved 0x0)]
  419. 1330.1334: ProductName: Microsoft® Windows® Operating System
  420. 1330.1334: ProductVersion: 6.3.9600.18513
  421. 1330.1334: FileVersion: 6.3.9600.18513 (winblue_ltsb.161009-0600)
  422. 1330.1334: FileDescription: ApiSet Schema DLL
  423. 1330.1334: NtOpenDirectoryObject failed on \Driver: 0xc0000022
  424. 1330.1334: supR3HardenedWinFindAdversaries: 0x0
  425. 1330.1334: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
  426. 1330.1334: Calling main()
  427. 1330.1334: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  428. 1330.1334: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
  429. 1330.1334: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  430. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  431. 1330.1334: SUPR3HardenedMain: Final process, opening VBoxDrv...
  432. 1330.1334: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000560000 LB 0x400000)
  433. 1330.1334: supR3HardNtEnableThreadCreation:
  434. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
  435. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
  436. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  437. 1330.1334: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  438. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd15a60000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
  439. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  440. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  441. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  442. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd15a60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  443. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  444. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  445. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd15a60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  446. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd15a60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  447. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  448. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'crypt32.dll'.
  449. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'msasn1.dll'.
  450. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
  451. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wintrust.dll)
  452. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wintrust.dll
  453. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  454. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  455. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'sspicli.dll'.
  456. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll)
  457. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
  458. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
  459. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
  460. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msasn1.dll)
  461. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msasn1.dll
  462. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
  463. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume5\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
  464. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  465. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'msasn1.dll'.
  466. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\crypt32.dll)
  467. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\crypt32.dll
  468. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  469. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  470. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcrt.dll)
  471. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
  472. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
  473. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
  474. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  475. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  476. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  477. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  478. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sspicli.dll'...
  479. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'sspicli.dll' -> '\Device\HarddiskVolume5\Windows\System32\sspicli.dll' [rcNtRedir=0xc0150008]
  480. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
  481. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sspicli.dll)
  482. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sspicli.dll
  483. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  484. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  485. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  486. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  487. 1330.1334: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  488. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
  489. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sechost.dll)
  490. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll
  491. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd1b890000 LB 0x000aa000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
  492. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  493. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd19230000 LB 0x00011000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
  494. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  495. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd192a0000 LB 0x001df000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
  496. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  497. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd19b20000 LB 0x00059000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
  498. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sechost.dll [lacks WinVerifyTrust]
  499. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd19480000 LB 0x0002e000 C:\Windows\system32\SspiCli.dll [fFlags=0x0]
  500. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sspicli.dll [lacks WinVerifyTrust]
  501. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd1b940000 LB 0x00140000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
  502. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  503. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd19560000 LB 0x00051000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
  504. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  505. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd19560000 'C:\Windows\system32\Wintrust.dll'
  506. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\bcrypt.dll)
  507. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcrypt.dll
  508. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  509. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  510. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  511. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  512. 1330.1334: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  513. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd18ce0000 LB 0x00026000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
  514. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  515. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18ce0000 'C:\Windows\system32\bcrypt.dll'
  516. 1330.1334: bcrypt.dll loaded at 00007ffd18ce0000, BCryptOpenAlgorithmProvider at 00007ffd18ce3490, preloading providers:
  517. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll)
  518. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll
  519. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  520. 1330.1334: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
  521. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd19050000 LB 0x00063000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
  522. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
  523. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd19050000 'C:\Windows\system32\bcryptprimitives.dll'
  524. 1330.1334: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000a49090)
  525. 1330.1334: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000a49c00)
  526. 1330.1334: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000a49d30)
  527. 1330.1334: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000a49f90)
  528. 1330.1334: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000a4a0c0)
  529. 1330.1334: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000a4a1f0)
  530. 1330.1334: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000a4a440)
  531. 1330.1334: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000a4a570)
  532. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  533. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  534. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd19560000 'C:\Windows\System32\WINTRUST.DLL'
  535. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  536. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  537. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd19560000 'C:\Windows\System32\WINTRUST.DLL'
  538. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  539. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  540. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd19560000 'C:\Windows\System32\WINTRUST.DLL'
  541. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  542. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  543. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd19560000 'C:\Windows\System32\WINTRUST.DLL'
  544. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  545. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  546. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd19560000 'C:\Windows\System32\WINTRUST.DLL'
  547. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  548. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  549. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd19560000 'C:\Windows\System32\WINTRUST.DLL'
  550. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  551. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd19560000 'C:\Windows\System32\WINTRUST.DLL'
  552. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cryptsp.dll)
  553. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptsp.dll
  554. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd18990000 LB 0x00020000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
  555. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
  556. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
  557. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rsaenh.dll)
  558. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
  559. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  560. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  561. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  562. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  563. 1330.1334: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  564. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd18680000 LB 0x00036000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
  565. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  566. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  567. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
  568. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cryptbase.dll)
  569. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptbase.dll
  570. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd190c0000 LB 0x0000b000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
  571. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
  572. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  573. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
  574. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
  575. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
  576. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  577. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd1b550000 'C:\Windows\system32\kernel32.dll'
  578. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  579. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd19560000 'C:\Windows\System32\WINTRUST.DLL'
  580. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  581. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  582. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\CRYPT32.dll'
  583. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd1beb0000 LB 0x00016000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
  584. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  585. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\imagehlp.dll)
  586. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\imagehlp.dll
  587. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  588. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  589. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  590. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  591. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  592. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  593. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'bcrypt.dll'.
  594. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ntasn1.dll'.
  595. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ncrypt.dll)
  596. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ncrypt.dll
  597. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ntasn1.dll)
  598. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ntasn1.dll
  599. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd18ca0000 LB 0x00037000 C:\Windows\SYSTEM32\NTASN1.dll [fFlags=0x0]
  600. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
  601. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd18c20000 LB 0x00025000 C:\Windows\SYSTEM32\ncrypt.dll [fFlags=0x0]
  602. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
  603. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  604. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
  605. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gpapi.dll)
  606. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gpapi.dll
  607. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd18330000 LB 0x00024000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
  608. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
  609. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\profapi.dll)
  610. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\profapi.dll
  611. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd19180000 LB 0x00015000 C:\Windows\SYSTEM32\profapi.dll [fFlags=0x0]
  612. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\profapi.dll [lacks WinVerifyTrust]
  613. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  614. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'crypt32.dll'.
  615. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'wldap32.dll'.
  616. 1330.1334: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\cryptnet.dll)
  617. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptnet.dll
  618. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
  619. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume5\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
  620. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  621. 1330.1334: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\Wldap32.dll)
  622. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\Wldap32.dll
  623. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
  624. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume5\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
  625. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  626. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  627. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  628. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  629. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  630. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  631. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  632. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  633. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  634. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  635. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
  636. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume5\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
  637. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
  638. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  639. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  640. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  641. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  642. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  643. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  644. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  645. 1330.1334: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  646. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd1be40000 LB 0x0005c000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
  647. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
  648. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd13f80000 LB 0x00033000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
  649. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  650. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  651. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  652. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd13f80000 'C:\Windows\system32\cryptnet.dll'
  653. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  654. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  655. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd13f80000 'C:\Windows\system32\cryptnet.dll'
  656. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  657. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  658. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd13f80000 'C:\Windows\system32\cryptnet.dll'
  659. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  660. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  661. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd13f80000 'C:\Windows\system32\cryptnet.dll'
  662. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  663. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  664. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd13f80000 'C:\Windows\system32\cryptnet.dll'
  665. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  666. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  667. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd13f80000 'C:\Windows\system32\cryptnet.dll'
  668. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  669. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd13f80000 'C:\Windows\system32\cryptnet.dll'
  670. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  671. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd13f80000 'C:\Windows\system32\cryptnet.dll'
  672. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  673. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd13f80000 'C:\Windows\system32\cryptnet.dll'
  674. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  675. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd13f80000 'C:\Windows\system32\cryptnet.dll'
  676. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  677. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd13f80000 'C:\Windows\system32\cryptnet.dll'
  678. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd13f80000 'C:\Windows\system32\cryptnet.dll'
  679. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  680. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd13f80000 'C:\Windows\System32\cryptnet.dll'
  681. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  682. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
  683. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
  684. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\advapi32.dll)
  685. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\advapi32.dll
  686. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd19a60000 LB 0x000aa000 C:\Windows\SYSTEM32\advapi32.dll [fFlags=0x0]
  687. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
  688. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  689. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  690. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  691. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  692. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
  693. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume5\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
  694. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sechost.dll [lacks WinVerifyTrust]
  695. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  696. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  697. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  698. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  699. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  700. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  701. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  702. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  703. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
  704. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000a98a80
  705. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a98a80
  706. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=209223C9324A7002F3C61DDDAF0BE69E5B521819
  707. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  708. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  709. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd1b940000 'C:\Windows\system32\rpcrt4.dll'
  710. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (2)
  711. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000ab0970
  712. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ab0970
  713. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=EB087832F3A7EF775FC256011982EF127A0856EC47DF2CEEB291A9DA840ED4B9
  714. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (2)
  715. 1330.1334: g_pfnWinVerifyTrust=00007ffd19561050
  716. 1330.1334: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
  717. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  718. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  719. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  720. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  721. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  722. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  723. 1330.1334: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\crypt32.dll'
  724. 1330.1334: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
  725. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  726. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  727. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  728. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
  729. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  730. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  731. 1330.1334: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\wintrust.dll'
  732. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  733. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  734. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  735. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
  736. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  737. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  738. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\advapi32.dll'
  739. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume5\Windows\System32\Wldap32.dll
  740. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a98a80
  741. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a98a80
  742. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=94F7EB39360A785180B3F3D1F7F71564D27B0713
  743. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 2; iCat=0x0)
  744. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000a98a80
  745. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a98a80
  746. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=94F7EB39360A785180B3F3D1F7F71564D27B0713
  747. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (2)
  748. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ab0970
  749. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ab0970
  750. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=FFB155AD82FA875DD614A706C136E8EBB25F06DC8FBAEC7628965F995EC4CC66
  751. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 2; iCat=0x0)
  752. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000fb2800
  753. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2800
  754. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=FFB155AD82FA875DD614A706C136E8EBB25F06DC8FBAEC7628965F995EC4CC66
  755. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (2)
  756. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
  757. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\Wldap32.dll'
  758. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume5\Windows\System32\cryptnet.dll
  759. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000a98a80
  760. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000a98a80
  761. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7F501A7B907459FED689C7B6483581A8D309E60F
  762. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 2; iCat=0x0)
  763. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000fb2e00
  764. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2e00
  765. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7F501A7B907459FED689C7B6483581A8D309E60F
  766. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (2)
  767. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fb2800
  768. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2800
  769. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=0E87899B16D12F412DC1128C1F4592557C0C18B567521E0A811DCC80F28F15DD
  770. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 2; iCat=0x0)
  771. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000fb3280
  772. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb3280
  773. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=0E87899B16D12F412DC1128C1F4592557C0C18B567521E0A811DCC80F28F15DD
  774. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (2)
  775. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
  776. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptnet.dll'
  777. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  778. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  779. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  780. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  781. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\profapi.dll'
  782. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  783. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  784. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  785. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\gpapi.dll'
  786. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  787. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  788. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  789. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\ntasn1.dll'
  790. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  791. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  792. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  793. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\ncrypt.dll'
  794. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  795. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  796. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  797. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\imagehlp.dll'
  798. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  799. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  800. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  801. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptbase.dll'
  802. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  803. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  804. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  805. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\rsaenh.dll'
  806. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  807. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
  808. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  809. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  810. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptsp.dll'
  811. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
  812. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  813. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  814. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  815. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll'
  816. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  817. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  818. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll'
  819. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  820. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  821. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\sechost.dll'
  822. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  823. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  824. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\sspicli.dll'
  825. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  826. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  827. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll'
  828. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  829. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  830. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msasn1.dll'
  831. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  832. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  833. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll'
  834. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  835. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
  836. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  837. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe'
  838. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  839. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  840. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\KernelBase.dll'
  841. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  842. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  843. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\kernel32.dll'
  844. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  845. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
  846. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
  847. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
  848. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
  849. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
  850. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
  851. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
  852. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
  853. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0xf1ef0bed62830749 CN=AutoHotkey
  854. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
  855. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
  856. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
  857. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
  858. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
  859. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
  860. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
  861. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
  862. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
  863. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
  864. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
  865. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
  866. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
  867. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
  868. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
  869. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
  870. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
  871. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
  872. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
  873. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
  874. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
  875. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
  876. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
  877. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
  878. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
  879. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
  880. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
  881. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
  882. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
  883. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
  884. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
  885. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
  886. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
  887. 1330.1334: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
  888. 1330.1334: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=43
  889. 1330.1334: SUPR3HardenedMain: Load Runtime...
  890. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  891. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  892. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
  893. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
  894. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
  895. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
  896. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  897. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  898. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  899. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
  900. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  901. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  902. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  903. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  904. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'nsi.dll'.
  905. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
  906. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ws2_32.dll) WinVerifyTrust
  907. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
  908. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  909. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  910. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  911. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  912. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
  913. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
  914. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume5\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
  915. 1330.1334: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\nsi.dll'.
  916. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\nsi.dll)
  917. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\nsi.dll
  918. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  919. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  920. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
  921. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
  922. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  923. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  924. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  925. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  926. 1330.1334: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
  927. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll)
  928. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
  929. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  930. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
  931. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
  932. 1330.1334: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  933. 1330.1334: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
  934. 1330.1334: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
  935. 1330.1334: supR3HardenedDllNotificationCallback: load 000000006b2e0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
  936. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
  937. 1330.1334: supR3HardenedDllNotificationCallback: load 000000006b240000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
  938. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
  939. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd19b10000 LB 0x00009000 C:\Windows\system32\NSI.dll [fFlags=0x0]
  940. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
  941. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd1b0f0000 LB 0x0005a000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
  942. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
  943. 1330.1334: supR3HardenedDllNotificationCallback: load 00007ffd05f40000 LB 0x00590000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
  944. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  945. 1330.1334: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'.
  946. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
  947. 1330.1334: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\nsi.dll'.
  948. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\nsi.dll' [rescheduled]
  949. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  950. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  951. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  952. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  953. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  954. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  955. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  956. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  957. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  958. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  959. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  960. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  961. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  962. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  963. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  964. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  965. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  966. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  967. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  968. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  969. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  970. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  971. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  972. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  973. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  974. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  975. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  976. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  977. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  978. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  979. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  980. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  981. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  982. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  983. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  984. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  985. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  986. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  987. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  988. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  989. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  990. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  991. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  992. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  993. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  994. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  995. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  996. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  997. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd05f40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  998. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd19560000 'C:\Windows\system32\Wintrust.dll'
  999. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  1000. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  1001. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  1002. 1330.1334: SUPR3HardenedMain: Load TrustedMain...
  1003. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
  1004. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1005. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  1006. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
  1007. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  1008. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
  1009. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
  1010. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
  1011. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
  1012. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
  1013. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
  1014. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
  1015. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
  1016. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
  1017. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
  1018. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
  1019. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
  1020. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
  1021. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
  1022. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll
  1023. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  1024. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  1025. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  1026. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  1027. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
  1028. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
  1029. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
  1030. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winmm.dll) WinVerifyTrust
  1031. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winmm.dll
  1032. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  1033. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  1034. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1035. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1036. 1330.1334: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\user32.dll'.
  1037. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'gdi32.dll'.
  1038. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\user32.dll)
  1039. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\user32.dll
  1040. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1041. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1042. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
  1043. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
  1044. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
  1045. 1330.1334: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\winmmbase.dll'.
  1046. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
  1047. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'devobj.dll'.
  1048. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winmmbase.dll)
  1049. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winmmbase.dll
  1050. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
  1051. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume5\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
  1052. 1330.1334: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\devobj.dll'.
  1053. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1054. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
  1055. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\devobj.dll)
  1056. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\devobj.dll
  1057. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1058. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1059. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1060. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1061. 1330.1334: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'.
  1062. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'.
  1063. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gdi32.dll)
  1064. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gdi32.dll
  1065. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1066. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1067. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
  1068. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
  1069. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
  1070. 1330.1334: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll'.
  1071. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll)
  1072. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll
  1073. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1074. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1075. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  1076. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  1077. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1078. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
  1079. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
  1080. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\oleaut32.dll) WinVerifyTrust
  1081. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
  1082. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  1083. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  1084. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1085. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1086. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
  1087. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
  1088. 1330.1334: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'.
  1089. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1090. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
  1091. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\combase.dll)
  1092. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\combase.dll
  1093. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1094. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1095. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1096. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1097. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1098. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1099. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  1100. 1330.1334: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
  1101. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1102. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  1103. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
  1104. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
  1105. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'.
  1106. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
  1107. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
  1108. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ole32.dll) WinVerifyTrust
  1109. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ole32.dll
  1110. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  1111. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  1112. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
  1113. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
  1114. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [lacks WinVerifyTrust]
  1115. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1116. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1117. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
  1118. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1119. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1120. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1121. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1122. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1123. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1124. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1125. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  1126. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  1127. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1128. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'user32.dll'.
  1129. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'shlwapi.dll'.
  1130. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'gdi32.dll'.
  1131. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shell32.dll) WinVerifyTrust
  1132. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shell32.dll
  1133. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1134. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1135. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
  1136. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1137. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1138. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [redoing WinVerifyTrust]
  1139. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1140. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1141. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1142. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
  1143. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
  1144. 1330.1334: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll'.
  1145. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
  1146. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
  1147. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
  1148. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shlwapi.dll)
  1149. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shlwapi.dll
  1150. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1151. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1152. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
  1153. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1154. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1155. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1156. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1157. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1158. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1159. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1160. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
  1161. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1162. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1163. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  1164. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  1165. 1330.1334: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\user32.dll'
  1166. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
  1167. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
  1168. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  1169. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
  1170. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
  1171. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
  1172. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
  1173. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
  1174. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
  1175. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
  1176. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
  1177. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1178. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1179. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
  1180. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
  1181. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
  1182. 1330.1334: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
  1183. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
  1184. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
  1185. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
  1186. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
  1187. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
  1188. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
  1189. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
  1190. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
  1191. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
  1192. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
  1193. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
  1194. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
  1195. 1330.1334: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
  1196. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
  1197. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
  1198. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  1199. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  1200. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
  1201. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
  1202. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
  1203. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
  1204. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
  1205. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
  1206. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
  1207. 1330.1334: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
  1208. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
  1209. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
  1210. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
  1211. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
  1212. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
  1213. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
  1214. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
  1215. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
  1216. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
  1217. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1218. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1219. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
  1220. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  1221. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  1222. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
  1223. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  1224. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  1225. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
  1226. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
  1227. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
  1228. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
  1229. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
  1230. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
  1231. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
  1232. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1233. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1234. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll
  1235. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1236. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1237. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1238. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1239. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1240. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
  1241. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  1242. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  1243. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
  1244. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
  1245. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
  1246. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
  1247. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1248. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1249. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll
  1250. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1251. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1252. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1253. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
  1254. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
  1255. 1330.1334: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\opengl32.dll'.
  1256. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1257. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
  1258. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
  1259. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
  1260. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
  1261. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
  1262. 1330.1334: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\opengl32.dll)
  1263. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\opengl32.dll
  1264. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  1265. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  1266. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
  1267. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1268. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1269. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
  1270. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  1271. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  1272. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
  1273. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
  1274. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume5\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
  1275. 1330.1334: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\mpr.dll'.
  1276. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\mpr.dll)
  1277. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\mpr.dll
  1278. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  1279. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  1280. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
  1281. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1282. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1283. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
  1284. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  1285. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  1286. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
  1287. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  1288. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  1289. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
  1290. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1291. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1292. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll
  1293. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1294. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1295. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
  1296. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume5\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
  1297. 1330.1334: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\ddraw.dll'.
  1298. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1299. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'user32.dll'.
  1300. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'gdi32.dll'.
  1301. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'dciman32.dll'.
  1302. 1330.1334: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\ddraw.dll)
  1303. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ddraw.dll
  1304. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
  1305. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume5\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
  1306. 1330.1334: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\glu32.dll'.
  1307. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1308. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
  1309. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  1310. 1330.1334: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\glu32.dll)
  1311. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\glu32.dll
  1312. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1313. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1314. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1315. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1316. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1317. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
  1318. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1319. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1320. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
  1321. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1322. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1323. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
  1324. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
  1325. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
  1326. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1327. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1328. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
  1329. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume5\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
  1330. 1330.1334: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\dciman32.dll'.
  1331. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1332. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
  1333. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  1334. 1330.1334: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\dciman32.dll)
  1335. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dciman32.dll
  1336. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1337. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1338. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1339. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1340. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1341. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1342. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1343. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1344. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1345. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1346. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1347. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1348. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1349. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1350. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  1351. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
  1352. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
  1353. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
  1354. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
  1355. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
  1356. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
  1357. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
  1358. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
  1359. 1330.1334: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
  1360. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
  1361. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
  1362. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
  1363. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
  1364. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1365. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1366. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
  1367. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
  1368. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
  1369. 1330.1334: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\comdlg32.dll'.
  1370. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1371. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
  1372. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  1373. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
  1374. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
  1375. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
  1376. 1330.1334: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\comdlg32.dll)
  1377. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\comdlg32.dll
  1378. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
  1379. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume5\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
  1380. 1330.1334: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\winspool.drv'.
  1381. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1382. 1330.1334: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\winspool.drv)
  1383. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winspool.drv
  1384. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
  1385. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
  1386. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
  1387. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
  1388. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
  1389. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
  1390. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
  1391. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
  1392. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
  1393. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1394. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1395. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1396. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1397. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1398. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1399. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1400. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  1401. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  1402. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
  1403. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
  1404. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
  1405. 1330.1334: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\System32\comctl32.dll'.
  1406. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
  1407. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  1408. 1330.1334: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  1409. 1330.1334: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\comctl32.dll)
  1410. 1330.1334: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\comctl32.dll
  1411. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1412. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1413. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1414. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1415. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1416. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
  1417. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
  1418. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
  1419. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1420. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1421. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1422. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1423. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1424. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1425. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  1426. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1427. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1428. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
  1429. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  1430. 1330.1334: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
  1431. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
  1432. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
  1433. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
  1434. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  1435. 1330.1334: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
  1436. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
  1437. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
  1438. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
  1439. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  1440. 1330.1334: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
  1441. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1442. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1443. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
  1444. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  1445. 1330.1334: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll'
  1446. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  1447. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
  1448. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
  1449. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  1450. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  1451. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
  1452. 1330.1334: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
  1453. 1330.1334: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
  1454. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000510 pwszName=\Device\HarddiskVolume5\Windows\System32\opengl32.dll
  1455. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fb2e00
  1456. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2e00
  1457. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2C6D4490D969C3233E8843AD4B11DB3F390C0B16
  1458. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 2; iCat=0x0)
  1459. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000fb2e00
  1460. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2e00
  1461. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2C6D4490D969C3233E8843AD4B11DB3F390C0B16
  1462. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (2)
  1463. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fb3280
  1464. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb3280
  1465. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=C843075C1CE6C4CBCCC7F0CE546ED0CF22FD7DA1BC965619FDB8447A6B325B7C
  1466. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 2; iCat=0x0)
  1467. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000fb2a40
  1468. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2a40
  1469. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=C843075C1CE6C4CBCCC7F0CE546ED0CF22FD7DA1BC965619FDB8447A6B325B7C
  1470. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (2)
  1471. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
  1472. 1330.1334: supR3HardenedScreenImage/Imports: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\opengl32.dll'
  1473. 1330.1334: Error (rc=0):
  1474. 1330.1334: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume5\Windows\System32\opengl32.dll
  1475. 1330.1334: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
  1476. 1330.1334: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll
  1477. 1330.1334: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll
  1478. 1330.1334: Error (rc=0):
  1479. 1330.1334: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x10 fAccess=0xf cHits=3 \Device\HarddiskVolume5\Windows\System32\opengl32.dll
  1480. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
  1481. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b4 pwszName=\Device\HarddiskVolume5\Windows\System32\comctl32.dll
  1482. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fb2e00
  1483. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2e00
  1484. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6522FA6F02EF4787F28DA6C27054084E2173E41
  1485. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 2; iCat=0x0)
  1486. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000fb2e00
  1487. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2e00
  1488. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6522FA6F02EF4787F28DA6C27054084E2173E41
  1489. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (2)
  1490. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fb2a40
  1491. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2a40
  1492. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=C59190027489594644EB4BF015346255C76E43401D442C540E025985D0CFDB1F
  1493. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 2; iCat=0x0)
  1494. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000fb2980
  1495. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2980
  1496. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=C59190027489594644EB4BF015346255C76E43401D442C540E025985D0CFDB1F
  1497. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (2)
  1498. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
  1499. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\comctl32.dll'
  1500. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000418 pwszName=\Device\HarddiskVolume5\Windows\System32\winspool.drv
  1501. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fb2e00
  1502. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2e00
  1503. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8699108DC3B82EF7C17E1D7531696C984626EEFE
  1504. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 2; iCat=0x0)
  1505. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000fb2680
  1506. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2680
  1507. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8699108DC3B82EF7C17E1D7531696C984626EEFE
  1508. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (2)
  1509. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fb2980
  1510. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2980
  1511. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=4A7081B74423A40B78988FE712A9C2222150CFB9669AC211647E951C268E5CDB
  1512. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 2; iCat=0x0)
  1513. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000fb2980
  1514. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2980
  1515. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=4A7081B74423A40B78988FE712A9C2222150CFB9669AC211647E951C268E5CDB
  1516. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (2)
  1517. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
  1518. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\winspool.drv'
  1519. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume5\Windows\System32\comdlg32.dll
  1520. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fb2680
  1521. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2680
  1522. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A8D428FD3A844AF383E2EA2C23013320CECD6296
  1523. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 2; iCat=0x0)
  1524. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000fb2e00
  1525. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2e00
  1526. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A8D428FD3A844AF383E2EA2C23013320CECD6296
  1527. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (2)
  1528. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fb2980
  1529. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2980
  1530. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=DA626568EFD31BF62177216B8BD0B7E0D98491983B3BCC28E533D4DB861D8077
  1531. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 2; iCat=0x0)
  1532. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000fb2680
  1533. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2680
  1534. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=DA626568EFD31BF62177216B8BD0B7E0D98491983B3BCC28E533D4DB861D8077
  1535. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (2)
  1536. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
  1537. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\comdlg32.dll'
  1538. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume5\Windows\System32\dciman32.dll
  1539. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fb2e00
  1540. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2e00
  1541. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=090BF7C2666F3FF583BB59D31C1CC1CF305DE9C0
  1542. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 2; iCat=0x0)
  1543. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000fb2e00
  1544. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2e00
  1545. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=090BF7C2666F3FF583BB59D31C1CC1CF305DE9C0
  1546. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (2)
  1547. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fb2680
  1548. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2680
  1549. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=864414295EFE7B22DF3C13433AE947B57E1D03A90B26A77A1C75F9C7DD2DC9B1
  1550. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 2; iCat=0x0)
  1551. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000fb2b00
  1552. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2b00
  1553. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=864414295EFE7B22DF3C13433AE947B57E1D03A90B26A77A1C75F9C7DD2DC9B1
  1554. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (2)
  1555. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
  1556. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\dciman32.dll'
  1557. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume5\Windows\System32\glu32.dll
  1558. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fb2e00
  1559. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2e00
  1560. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=832AE7EFDC6DDBE1A3371D29771A385D19CE3E5A
  1561. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 2; iCat=0x0)
  1562. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000fb2980
  1563. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2980
  1564. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=832AE7EFDC6DDBE1A3371D29771A385D19CE3E5A
  1565. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (2)
  1566. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fb2b00
  1567. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2b00
  1568. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=29023E9A69C979ACA959598FD58EEB5F93FE57A6AEF400947FFAB698C48811EF
  1569. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 2; iCat=0x0)
  1570. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000fb2b00
  1571. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2b00
  1572. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=29023E9A69C979ACA959598FD58EEB5F93FE57A6AEF400947FFAB698C48811EF
  1573. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (2)
  1574. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
  1575. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\glu32.dll'
  1576. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume5\Windows\System32\ddraw.dll
  1577. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fb2980
  1578. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2980
  1579. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=46F3EC55D7EDCC524FCBA343C275D945026CBC93
  1580. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 2; iCat=0x0)
  1581. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000fb2a40
  1582. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2a40
  1583. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=46F3EC55D7EDCC524FCBA343C275D945026CBC93
  1584. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (2)
  1585. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fb2b00
  1586. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb2b00
  1587. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=4F3A4F2F2240AAEA2D895FB3BC8F14AD95EDA80B44A58B7EF6773A07AA898C72
  1588. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 2; iCat=0x0)
  1589. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000fb28c0
  1590. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fb28c0
  1591. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=4F3A4F2F2240AAEA2D895FB3BC8F14AD95EDA80B44A58B7EF6773A07AA898C72
  1592. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (2)
  1593. 1330.1334: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
  1594. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\ddraw.dll'
  1595. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  1596. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  1597. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\mpr.dll'
  1598. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  1599. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  1600. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll'
  1601. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  1602. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  1603. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\combase.dll'
  1604. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  1605. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  1606. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll'
  1607. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  1608. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  1609. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'
  1610. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  1611. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  1612. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\devobj.dll'
  1613. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18680000 'C:\Windows\system32\rsaenh.dll'
  1614. 1330.1334: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd192a0000 'C:\Windows\system32\crypt32.dll'
  1615. 1330.1334: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\winmmbase.dll'
  1616. 1330.1334: Fatal error:
  1617. 1330.1334: supR3HardenedMainGetTrustedMain: LoadLibrary "C:\Program Files\Oracle\VirtualBox/VirtualBox.dll" failed, rc=1790
  1618. 1328.132c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1705 ms, the end);
  1619. 1318.131c: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2091 ms, the end);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!