VirtualBox

Ticket #10759: VBoxHardening.log

File VBoxHardening.log, 351.8 KB (added by ipatrol, 9 years ago)

Hardening log for Ubuntu

Line 
113e8.9d8: Log file opened: 5.0.10r104061 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
213e8.9d8: \SystemRoot\System32\ntdll.dll:
313e8.9d8: CreationTime: 2016-02-10T00:22:44.962566700Z
413e8.9d8: LastWriteTime: 2016-01-22T06:24:12.217581500Z
513e8.9d8: ChangeTime: 2016-02-12T15:28:00.272029700Z
613e8.9d8: FileAttributes: 0x20
713e8.9d8: Size: 0x1a73d8
813e8.9d8: NT Headers: 0xe0
913e8.9d8: Timestamp: 0x56a1c9c5
1013e8.9d8: Machine: 0x8664 - amd64
1113e8.9d8: Timestamp: 0x56a1c9c5
1213e8.9d8: Image Version: 6.1
1313e8.9d8: SizeOfImage: 0x1aa000 (1744896)
1413e8.9d8: Resource Dir: 0x14e000 LB 0x5a028
1513e8.9d8: ProductName: Microsoft® Windows® Operating System
1613e8.9d8: ProductVersion: 6.1.7601.19135
1713e8.9d8: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
1813e8.9d8: FileDescription: NT Layer DLL
1913e8.9d8: \SystemRoot\System32\kernel32.dll:
2013e8.9d8: CreationTime: 2016-02-10T00:22:43.012563300Z
2113e8.9d8: LastWriteTime: 2016-01-22T06:15:31.619000000Z
2213e8.9d8: ChangeTime: 2016-02-12T15:28:02.284433300Z
2313e8.9d8: FileAttributes: 0x20
2413e8.9d8: Size: 0x11c000
2513e8.9d8: NT Headers: 0xe8
2613e8.9d8: Timestamp: 0x56a1c9ab
2713e8.9d8: Machine: 0x8664 - amd64
2813e8.9d8: Timestamp: 0x56a1c9ab
2913e8.9d8: Image Version: 6.1
3013e8.9d8: SizeOfImage: 0x11f000 (1175552)
3113e8.9d8: Resource Dir: 0x116000 LB 0x528
3213e8.9d8: ProductName: Microsoft® Windows® Operating System
3313e8.9d8: ProductVersion: 6.1.7601.19135
3413e8.9d8: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
3513e8.9d8: FileDescription: Windows NT BASE API Client DLL
3613e8.9d8: \SystemRoot\System32\KernelBase.dll:
3713e8.9d8: CreationTime: 2016-02-10T00:22:44.650566200Z
3813e8.9d8: LastWriteTime: 2016-01-22T06:15:31.822000000Z
3913e8.9d8: ChangeTime: 2016-02-12T15:28:02.331233400Z
4013e8.9d8: FileAttributes: 0x20
4113e8.9d8: Size: 0x67200
4213e8.9d8: NT Headers: 0xe8
4313e8.9d8: Timestamp: 0x56a1c9ac
4413e8.9d8: Machine: 0x8664 - amd64
4513e8.9d8: Timestamp: 0x56a1c9ac
4613e8.9d8: Image Version: 6.1
4713e8.9d8: SizeOfImage: 0x6b000 (438272)
4813e8.9d8: Resource Dir: 0x69000 LB 0x530
4913e8.9d8: ProductName: Microsoft® Windows® Operating System
5013e8.9d8: ProductVersion: 6.1.7601.19135
5113e8.9d8: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
5213e8.9d8: FileDescription: Windows NT BASE API Client DLL
5313e8.9d8: \SystemRoot\System32\apisetschema.dll:
5413e8.9d8: CreationTime: 2016-02-10T00:22:37.848954200Z
5513e8.9d8: LastWriteTime: 2016-01-22T06:12:25.181000000Z
5613e8.9d8: ChangeTime: 2016-02-12T15:28:00.084829400Z
5713e8.9d8: FileAttributes: 0x20
5813e8.9d8: Size: 0x1a00
5913e8.9d8: NT Headers: 0xc0
6013e8.9d8: Timestamp: 0x56a1c890
6113e8.9d8: Machine: 0x8664 - amd64
6213e8.9d8: Timestamp: 0x56a1c890
6313e8.9d8: Image Version: 6.1
6413e8.9d8: SizeOfImage: 0x50000 (327680)
6513e8.9d8: Resource Dir: 0x30000 LB 0x3f8
6613e8.9d8: ProductName: Microsoft® Windows® Operating System
6713e8.9d8: ProductVersion: 6.1.7601.19135
6813e8.9d8: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
6913e8.9d8: FileDescription: ApiSet Schema DLL
7013e8.9d8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7113e8.9d8: supR3HardenedWinFindAdversaries: 0x400
7213e8.9d8: \SystemRoot\System32\drivers\MpFilter.sys:
7313e8.9d8: CreationTime: 2015-03-04T23:34:52.000000000Z
7413e8.9d8: LastWriteTime: 2015-03-04T23:34:52.000000000Z
7513e8.9d8: ChangeTime: 2015-08-29T05:17:42.865617400Z
7613e8.9d8: FileAttributes: 0x20
7713e8.9d8: Size: 0x44738
7813e8.9d8: NT Headers: 0xf0
7913e8.9d8: Timestamp: 0x54efb880
8013e8.9d8: Machine: 0x8664 - amd64
8113e8.9d8: Timestamp: 0x54efb880
8213e8.9d8: Image Version: 6.3
8313e8.9d8: SizeOfImage: 0x44000 (278528)
8413e8.9d8: Resource Dir: 0x42000 LB 0xd50
8513e8.9d8: ProductName: Microsoft Malware Protection
8613e8.9d8: ProductVersion: 4.8.0200.0
8713e8.9d8: FileVersion: 4.8.0200.0
8813e8.9d8: FileDescription: Microsoft antimalware file system filter driver
8913e8.9d8: \SystemRoot\System32\drivers\NisDrvWFP.sys:
9013e8.9d8: CreationTime: 2014-03-11T13:52:30.000000000Z
9113e8.9d8: LastWriteTime: 2015-03-04T23:34:52.000000000Z
9213e8.9d8: ChangeTime: 2015-08-29T05:17:39.979612300Z
9313e8.9d8: FileAttributes: 0x20
9413e8.9d8: Size: 0x1e698
9513e8.9d8: NT Headers: 0xf0
9613e8.9d8: Timestamp: 0x54efb8af
9713e8.9d8: Machine: 0x8664 - amd64
9813e8.9d8: Timestamp: 0x54efb8af
9913e8.9d8: Image Version: 6.3
10013e8.9d8: SizeOfImage: 0x1f000 (126976)
10113e8.9d8: Resource Dir: 0x1c000 LB 0x1b90
10213e8.9d8: ProductName: Microsoft Malware Protection
10313e8.9d8: ProductVersion: 4.8.0200.0
10413e8.9d8: FileVersion: 4.8.0200.0
10513e8.9d8: FileDescription: Microsoft Network Realtime Inspection Driver
10613e8.9d8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
10713e8.9d8: Calling main()
10813e8.9d8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
10913e8.9d8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
11013e8.9d8: SUPR3HardenedMain: Respawn #1
11113e8.9d8: System32: \Device\HarddiskVolume3\Windows\System32
11213e8.9d8: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
11313e8.9d8: KnownDllPath: C:\Windows\system32
11413e8.9d8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
11513e8.9d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
11613e8.9d8: supR3HardNtEnableThreadCreation:
11713e8.9d8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007710b170 pvNtTerminateThread=000000007712d8e0
11813e8.9d8: supR3HardenedWinDoReSpawn(1): New child 17dc.ea4 [kernel32].
11913e8.9d8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
12013e8.9d8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000770e0000 uNtDllChildAddr=00000000770e0000
12113e8.9d8: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007710b170
12213e8.9d8: supR3HardenedWinSetupChildInit: Start child.
12313e8.9d8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 15 ms.
12413e8.9d8: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
12513e8.9d8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
12613e8.9d8: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
12713e8.9d8: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
12813e8.9d8: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
12913e8.9d8: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
13013e8.9d8: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
13113e8.9d8: 0000000000041000-ffffffffffff1fff 0x0001/0x0000 0x0000000
13213e8.9d8: *0000000000090000-fffffffffff93fff 0x0000/0x0004 0x0020000
13313e8.9d8: 000000000018c000-0000000000188fff 0x0104/0x0004 0x0020000
13413e8.9d8: 000000000018f000-000000000018dfff 0x0004/0x0004 0x0020000
13513e8.9d8: 0000000000190000-ffffffff8923ffff 0x0001/0x0000 0x0000000
13613e8.9d8: *00000000770e0000-00000000770e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
13713e8.9d8: 00000000770e1000-00000000771dffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
13813e8.9d8: 00000000771e0000-000000007720efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
13913e8.9d8: 000000007720f000-0000000077216fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
14013e8.9d8: 0000000077217000-0000000077217fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
14113e8.9d8: 0000000077218000-000000007721afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
14213e8.9d8: 000000007721b000-0000000077289fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
14313e8.9d8: 000000007728a000-000000006f533fff 0x0001/0x0000 0x0000000
14413e8.9d8: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
14513e8.9d8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
14613e8.9d8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
14713e8.9d8: 000000007fff0000-ffffffffc018ffff 0x0001/0x0000 0x0000000
14813e8.9d8: *000000013fe50000-000000013fe50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
14913e8.9d8: 000000013fe51000-000000013fed7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
15013e8.9d8: 000000013fed8000-000000013fed8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
15113e8.9d8: 000000013fed9000-000000013ff23fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
15213e8.9d8: 000000013ff24000-000000013ff24fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
15313e8.9d8: 000000013ff25000-000000013ff25fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
15413e8.9d8: 000000013ff26000-000000013ff2afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
15513e8.9d8: 000000013ff2b000-000000013ff2bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
15613e8.9d8: 000000013ff2c000-000000013ff2cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
15713e8.9d8: 000000013ff2d000-000000013ff30fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
15813e8.9d8: 000000013ff31000-000000013ff7bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
15913e8.9d8: 000000013ff7c000-fffff80380af7fff 0x0001/0x0000 0x0000000
16013e8.9d8: *000007feff400000-000007feff400fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
16113e8.9d8: 000007feff401000-000007fdfe851fff 0x0001/0x0000 0x0000000
16213e8.9d8: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
16313e8.9d8: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
16413e8.9d8: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
16513e8.9d8: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
16613e8.9d8: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
16713e8.9d8: apisetschema.dll: timestamp 0x56a1c890 (rc=VINF_SUCCESS)
16813e8.9d8: VirtualBox.exe: timestamp 0x564221d3 (rc=VINF_SUCCESS)
16913e8.9d8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
17013e8.9d8: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports
17113e8.9d8: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
17213e8.9d8: supR3HardNtChildPurify: Done after 531 ms and 0 fixes (loop #0).
17313e8.9d8: supR3HardNtEnableThreadCreation:
17417dc.ea4: Log file opened: 5.0.10r104061 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
17517dc.ea4: supR3HardenedVmProcessInit: uNtDllAddr=00000000770e0000
17617dc.ea4: ntdll.dll: timestamp 0x56a1c9c5 (rc=VINF_SUCCESS)
17717dc.ea4: New simple heap: #1 0000000000290000 LB 0x400000 (for 1744896 allocation)
17817dc.ea4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
17917dc.ea4: System32: \Device\HarddiskVolume3\Windows\System32
18017dc.ea4: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
18117dc.ea4: KnownDllPath: C:\Windows\system32
18217dc.ea4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
18317dc.ea4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
18417dc.ea4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
18517dc.ea4: Registered Dll notification callback with NTDLL.
18617dc.ea4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
18717dc.ea4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
18817dc.ea4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
18917dc.ea4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
19017dc.ea4: supR3HardenedDllNotificationCallback: load 0000000076ec0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
19117dc.ea4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
19217dc.ea4: supR3HardenedDllNotificationCallback: load 000007fefd0f0000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
19317dc.ea4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
19417dc.ea4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
19517dc.ea4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ec0000 'C:\Windows\system32\kernel32.dll'
19617dc.ea4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007710b170 pvNtTerminateThread=000000007712d8e0
19713e8.9d8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 31 ms.
19817dc.ea4: \SystemRoot\System32\ntdll.dll:
19917dc.ea4: CreationTime: 2016-02-10T00:22:44.962566700Z
20017dc.ea4: LastWriteTime: 2016-01-22T06:24:12.217581500Z
20117dc.ea4: ChangeTime: 2016-02-12T15:28:00.272029700Z
20217dc.ea4: FileAttributes: 0x20
20317dc.ea4: Size: 0x1a73d8
20417dc.ea4: NT Headers: 0xe0
20517dc.ea4: Timestamp: 0x56a1c9c5
20617dc.ea4: Machine: 0x8664 - amd64
20717dc.ea4: Timestamp: 0x56a1c9c5
20817dc.ea4: Image Version: 6.1
20917dc.ea4: SizeOfImage: 0x1aa000 (1744896)
21017dc.ea4: Resource Dir: 0x14e000 LB 0x5a028
21117dc.ea4: ProductName: Microsoft® Windows® Operating System
21217dc.ea4: ProductVersion: 6.1.7601.19135
21317dc.ea4: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
21417dc.ea4: FileDescription: NT Layer DLL
21517dc.ea4: \SystemRoot\System32\kernel32.dll:
21617dc.ea4: CreationTime: 2016-02-10T00:22:43.012563300Z
21717dc.ea4: LastWriteTime: 2016-01-22T06:15:31.619000000Z
21817dc.ea4: ChangeTime: 2016-02-12T15:28:02.284433300Z
21917dc.ea4: FileAttributes: 0x20
22017dc.ea4: Size: 0x11c000
22117dc.ea4: NT Headers: 0xe8
22217dc.ea4: Timestamp: 0x56a1c9ab
22317dc.ea4: Machine: 0x8664 - amd64
22417dc.ea4: Timestamp: 0x56a1c9ab
22517dc.ea4: Image Version: 6.1
22617dc.ea4: SizeOfImage: 0x11f000 (1175552)
22717dc.ea4: Resource Dir: 0x116000 LB 0x528
22817dc.ea4: ProductName: Microsoft® Windows® Operating System
22917dc.ea4: ProductVersion: 6.1.7601.19135
23017dc.ea4: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
23117dc.ea4: FileDescription: Windows NT BASE API Client DLL
23217dc.ea4: \SystemRoot\System32\KernelBase.dll:
23317dc.ea4: CreationTime: 2016-02-10T00:22:44.650566200Z
23417dc.ea4: LastWriteTime: 2016-01-22T06:15:31.822000000Z
23517dc.ea4: ChangeTime: 2016-02-12T15:28:02.331233400Z
23617dc.ea4: FileAttributes: 0x20
23717dc.ea4: Size: 0x67200
23817dc.ea4: NT Headers: 0xe8
23917dc.ea4: Timestamp: 0x56a1c9ac
24017dc.ea4: Machine: 0x8664 - amd64
24117dc.ea4: Timestamp: 0x56a1c9ac
24217dc.ea4: Image Version: 6.1
24317dc.ea4: SizeOfImage: 0x6b000 (438272)
24417dc.ea4: Resource Dir: 0x69000 LB 0x530
24517dc.ea4: ProductName: Microsoft® Windows® Operating System
24617dc.ea4: ProductVersion: 6.1.7601.19135
24717dc.ea4: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
24817dc.ea4: FileDescription: Windows NT BASE API Client DLL
24917dc.ea4: \SystemRoot\System32\apisetschema.dll:
25017dc.ea4: CreationTime: 2016-02-10T00:22:37.848954200Z
25117dc.ea4: LastWriteTime: 2016-01-22T06:12:25.181000000Z
25217dc.ea4: ChangeTime: 2016-02-12T15:28:00.084829400Z
25317dc.ea4: FileAttributes: 0x20
25417dc.ea4: Size: 0x1a00
25517dc.ea4: NT Headers: 0xc0
25617dc.ea4: Timestamp: 0x56a1c890
25717dc.ea4: Machine: 0x8664 - amd64
25817dc.ea4: Timestamp: 0x56a1c890
25917dc.ea4: Image Version: 6.1
26017dc.ea4: SizeOfImage: 0x50000 (327680)
26117dc.ea4: Resource Dir: 0x30000 LB 0x3f8
26217dc.ea4: ProductName: Microsoft® Windows® Operating System
26317dc.ea4: ProductVersion: 6.1.7601.19135
26417dc.ea4: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
26517dc.ea4: FileDescription: ApiSet Schema DLL
26617dc.ea4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
26717dc.ea4: supR3HardenedWinFindAdversaries: 0x400
26817dc.ea4: \SystemRoot\System32\drivers\MpFilter.sys:
26917dc.ea4: CreationTime: 2015-03-04T23:34:52.000000000Z
27017dc.ea4: LastWriteTime: 2015-03-04T23:34:52.000000000Z
27117dc.ea4: ChangeTime: 2015-08-29T05:17:42.865617400Z
27217dc.ea4: FileAttributes: 0x20
27317dc.ea4: Size: 0x44738
27417dc.ea4: NT Headers: 0xf0
27517dc.ea4: Timestamp: 0x54efb880
27617dc.ea4: Machine: 0x8664 - amd64
27717dc.ea4: Timestamp: 0x54efb880
27817dc.ea4: Image Version: 6.3
27917dc.ea4: SizeOfImage: 0x44000 (278528)
28017dc.ea4: Resource Dir: 0x42000 LB 0xd50
28117dc.ea4: ProductName: Microsoft Malware Protection
28217dc.ea4: ProductVersion: 4.8.0200.0
28317dc.ea4: FileVersion: 4.8.0200.0
28417dc.ea4: FileDescription: Microsoft antimalware file system filter driver
28517dc.ea4: \SystemRoot\System32\drivers\NisDrvWFP.sys:
28617dc.ea4: CreationTime: 2014-03-11T13:52:30.000000000Z
28717dc.ea4: LastWriteTime: 2015-03-04T23:34:52.000000000Z
28817dc.ea4: ChangeTime: 2015-08-29T05:17:39.979612300Z
28917dc.ea4: FileAttributes: 0x20
29017dc.ea4: Size: 0x1e698
29117dc.ea4: NT Headers: 0xf0
29217dc.ea4: Timestamp: 0x54efb8af
29317dc.ea4: Machine: 0x8664 - amd64
29417dc.ea4: Timestamp: 0x54efb8af
29517dc.ea4: Image Version: 6.3
29617dc.ea4: SizeOfImage: 0x1f000 (126976)
29717dc.ea4: Resource Dir: 0x1c000 LB 0x1b90
29817dc.ea4: ProductName: Microsoft Malware Protection
29917dc.ea4: ProductVersion: 4.8.0200.0
30017dc.ea4: FileVersion: 4.8.0200.0
30117dc.ea4: FileDescription: Microsoft Network Realtime Inspection Driver
30217dc.ea4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
30317dc.ea4: Calling main()
30417dc.ea4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
30517dc.ea4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
30617dc.ea4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
30717dc.ea4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
30817dc.ea4: SUPR3HardenedMain: Respawn #2
30917dc.ea4: supR3HardNtEnableThreadCreation:
31017dc.ea4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll)
31117dc.ea4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll
31217dc.ea4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
31317dc.ea4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
31417dc.ea4: supR3HardenedDllNotificationCallback: load 000007fefcca0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
31517dc.ea4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
31617dc.ea4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcca0000 'C:\Windows\system32\apphelp.dll'
31717dc.ea4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007710b170 pvNtTerminateThread=000000007712d8e0
31817dc.ea4: supR3HardenedWinDoReSpawn(2): New child 60c.1718 [kernel32].
31917dc.ea4: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd9000 cbPeb=0x380
32017dc.ea4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000770e0000 uNtDllChildAddr=00000000770e0000
32117dc.ea4: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007710b170
32217dc.ea4: supR3HardenedWinSetupChildInit: Start child.
32317dc.ea4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
32417dc.ea4: supR3HardNtChildPurify: Startup delay kludge #1/0: 527 ms, 41 sleeps
32517dc.ea4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
32617dc.ea4: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
32717dc.ea4: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
32817dc.ea4: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
32917dc.ea4: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
33017dc.ea4: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
33117dc.ea4: 0000000000041000-ffffffffffeb1fff 0x0001/0x0000 0x0000000
33217dc.ea4: *00000000001d0000-00000000000d3fff 0x0000/0x0004 0x0020000
33317dc.ea4: 00000000002cc000-00000000002c8fff 0x0104/0x0004 0x0020000
33417dc.ea4: 00000000002cf000-00000000002cdfff 0x0004/0x0004 0x0020000
33517dc.ea4: 00000000002d0000-ffffffff894bffff 0x0001/0x0000 0x0000000
33617dc.ea4: *00000000770e0000-00000000770e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
33717dc.ea4: 00000000770e1000-00000000771dffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
33817dc.ea4: 00000000771e0000-000000007720efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
33917dc.ea4: 000000007720f000-0000000077216fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
34017dc.ea4: 0000000077217000-0000000077217fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
34117dc.ea4: 0000000077218000-000000007721afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
34217dc.ea4: 000000007721b000-0000000077289fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
34317dc.ea4: 000000007728a000-000000006f533fff 0x0001/0x0000 0x0000000
34417dc.ea4: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
34517dc.ea4: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
34617dc.ea4: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
34717dc.ea4: 000000007fff0000-ffffffffc018ffff 0x0001/0x0000 0x0000000
34817dc.ea4: *000000013fe50000-000000013fe50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
34917dc.ea4: 000000013fe51000-000000013fed7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
35017dc.ea4: 000000013fed8000-000000013fed8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
35117dc.ea4: 000000013fed9000-000000013ff23fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
35217dc.ea4: 000000013ff24000-000000013ff24fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
35317dc.ea4: 000000013ff25000-000000013ff25fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
35417dc.ea4: 000000013ff26000-000000013ff2afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
35517dc.ea4: 000000013ff2b000-000000013ff2bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
35617dc.ea4: 000000013ff2c000-000000013ff2cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
35717dc.ea4: 000000013ff2d000-000000013ff30fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
35817dc.ea4: 000000013ff31000-000000013ff7bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
35917dc.ea4: 000000013ff7c000-fffff80380af7fff 0x0001/0x0000 0x0000000
36017dc.ea4: *000007feff400000-000007feff400fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
36117dc.ea4: 000007feff401000-000007fdfe851fff 0x0001/0x0000 0x0000000
36217dc.ea4: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
36317dc.ea4: 000007fffffd3000-000007fffffccfff 0x0001/0x0000 0x0000000
36417dc.ea4: *000007fffffd9000-000007fffffd7fff 0x0004/0x0004 0x0020000
36517dc.ea4: 000007fffffda000-000007fffffd5fff 0x0001/0x0000 0x0000000
36617dc.ea4: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
36717dc.ea4: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
36817dc.ea4: apisetschema.dll: timestamp 0x56a1c890 (rc=VINF_SUCCESS)
36917dc.ea4: VirtualBox.exe: timestamp 0x564221d3 (rc=VINF_SUCCESS)
37017dc.ea4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
37117dc.ea4: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports
37217dc.ea4: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
37317dc.ea4: supR3HardNtChildPurify: Done after 543 ms and 0 fixes (loop #0).
37417dc.ea4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000290000 LB 0x400000)
37517dc.ea4: supR3HardNtEnableThreadCreation:
37660c.1718: Log file opened: 5.0.10r104061 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
37760c.1718: supR3HardenedVmProcessInit: uNtDllAddr=00000000770e0000
37860c.1718: ntdll.dll: timestamp 0x56a1c9c5 (rc=VINF_SUCCESS)
37960c.1718: New simple heap: #1 00000000002d0000 LB 0x400000 (for 1744896 allocation)
38060c.1718: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
38160c.1718: System32: \Device\HarddiskVolume3\Windows\System32
38260c.1718: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
38360c.1718: KnownDllPath: C:\Windows\system32
38460c.1718: supR3HardenedVmProcessInit: Opening vboxdrv...
38560c.1718: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
38660c.1718: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
38760c.1718: Registered Dll notification callback with NTDLL.
38860c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
38960c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
39060c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
39160c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
39260c.1718: supR3HardenedDllNotificationCallback: load 0000000076ec0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
39360c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
39460c.1718: supR3HardenedDllNotificationCallback: load 000007fefd0f0000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
39560c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
39660c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
39760c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ec0000 'C:\Windows\system32\kernel32.dll'
39860c.1718: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007710b170 pvNtTerminateThread=000000007712d8e0
39917dc.ea4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 31 ms.
40060c.1718: \SystemRoot\System32\ntdll.dll:
40160c.1718: CreationTime: 2016-02-10T00:22:44.962566700Z
40260c.1718: LastWriteTime: 2016-01-22T06:24:12.217581500Z
40360c.1718: ChangeTime: 2016-02-12T15:28:00.272029700Z
40460c.1718: FileAttributes: 0x20
40560c.1718: Size: 0x1a73d8
40660c.1718: NT Headers: 0xe0
40760c.1718: Timestamp: 0x56a1c9c5
40860c.1718: Machine: 0x8664 - amd64
40960c.1718: Timestamp: 0x56a1c9c5
41060c.1718: Image Version: 6.1
41160c.1718: SizeOfImage: 0x1aa000 (1744896)
41260c.1718: Resource Dir: 0x14e000 LB 0x5a028
41360c.1718: ProductName: Microsoft® Windows® Operating System
41460c.1718: ProductVersion: 6.1.7601.19135
41560c.1718: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
41660c.1718: FileDescription: NT Layer DLL
41760c.1718: \SystemRoot\System32\kernel32.dll:
41860c.1718: CreationTime: 2016-02-10T00:22:43.012563300Z
41960c.1718: LastWriteTime: 2016-01-22T06:15:31.619000000Z
42060c.1718: ChangeTime: 2016-02-12T15:28:02.284433300Z
42160c.1718: FileAttributes: 0x20
42260c.1718: Size: 0x11c000
42360c.1718: NT Headers: 0xe8
42460c.1718: Timestamp: 0x56a1c9ab
42560c.1718: Machine: 0x8664 - amd64
42660c.1718: Timestamp: 0x56a1c9ab
42760c.1718: Image Version: 6.1
42860c.1718: SizeOfImage: 0x11f000 (1175552)
42960c.1718: Resource Dir: 0x116000 LB 0x528
43060c.1718: ProductName: Microsoft® Windows® Operating System
43160c.1718: ProductVersion: 6.1.7601.19135
43260c.1718: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
43360c.1718: FileDescription: Windows NT BASE API Client DLL
43460c.1718: \SystemRoot\System32\KernelBase.dll:
43560c.1718: CreationTime: 2016-02-10T00:22:44.650566200Z
43660c.1718: LastWriteTime: 2016-01-22T06:15:31.822000000Z
43760c.1718: ChangeTime: 2016-02-12T15:28:02.331233400Z
43860c.1718: FileAttributes: 0x20
43960c.1718: Size: 0x67200
44060c.1718: NT Headers: 0xe8
44160c.1718: Timestamp: 0x56a1c9ac
44260c.1718: Machine: 0x8664 - amd64
44360c.1718: Timestamp: 0x56a1c9ac
44460c.1718: Image Version: 6.1
44560c.1718: SizeOfImage: 0x6b000 (438272)
44660c.1718: Resource Dir: 0x69000 LB 0x530
44760c.1718: ProductName: Microsoft® Windows® Operating System
44860c.1718: ProductVersion: 6.1.7601.19135
44960c.1718: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
45060c.1718: FileDescription: Windows NT BASE API Client DLL
45160c.1718: \SystemRoot\System32\apisetschema.dll:
45260c.1718: CreationTime: 2016-02-10T00:22:37.848954200Z
45360c.1718: LastWriteTime: 2016-01-22T06:12:25.181000000Z
45460c.1718: ChangeTime: 2016-02-12T15:28:00.084829400Z
45560c.1718: FileAttributes: 0x20
45660c.1718: Size: 0x1a00
45760c.1718: NT Headers: 0xc0
45860c.1718: Timestamp: 0x56a1c890
45960c.1718: Machine: 0x8664 - amd64
46060c.1718: Timestamp: 0x56a1c890
46160c.1718: Image Version: 6.1
46260c.1718: SizeOfImage: 0x50000 (327680)
46360c.1718: Resource Dir: 0x30000 LB 0x3f8
46460c.1718: ProductName: Microsoft® Windows® Operating System
46560c.1718: ProductVersion: 6.1.7601.19135
46660c.1718: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
46760c.1718: FileDescription: ApiSet Schema DLL
46860c.1718: NtOpenDirectoryObject failed on \Driver: 0xc0000022
46960c.1718: supR3HardenedWinFindAdversaries: 0x400
47060c.1718: \SystemRoot\System32\drivers\MpFilter.sys:
47160c.1718: CreationTime: 2015-03-04T23:34:52.000000000Z
47260c.1718: LastWriteTime: 2015-03-04T23:34:52.000000000Z
47360c.1718: ChangeTime: 2015-08-29T05:17:42.865617400Z
47460c.1718: FileAttributes: 0x20
47560c.1718: Size: 0x44738
47660c.1718: NT Headers: 0xf0
47760c.1718: Timestamp: 0x54efb880
47860c.1718: Machine: 0x8664 - amd64
47960c.1718: Timestamp: 0x54efb880
48060c.1718: Image Version: 6.3
48160c.1718: SizeOfImage: 0x44000 (278528)
48260c.1718: Resource Dir: 0x42000 LB 0xd50
48360c.1718: ProductName: Microsoft Malware Protection
48460c.1718: ProductVersion: 4.8.0200.0
48560c.1718: FileVersion: 4.8.0200.0
48660c.1718: FileDescription: Microsoft antimalware file system filter driver
48760c.1718: \SystemRoot\System32\drivers\NisDrvWFP.sys:
48860c.1718: CreationTime: 2014-03-11T13:52:30.000000000Z
48960c.1718: LastWriteTime: 2015-03-04T23:34:52.000000000Z
49060c.1718: ChangeTime: 2015-08-29T05:17:39.979612300Z
49160c.1718: FileAttributes: 0x20
49260c.1718: Size: 0x1e698
49360c.1718: NT Headers: 0xf0
49460c.1718: Timestamp: 0x54efb8af
49560c.1718: Machine: 0x8664 - amd64
49660c.1718: Timestamp: 0x54efb8af
49760c.1718: Image Version: 6.3
49860c.1718: SizeOfImage: 0x1f000 (126976)
49960c.1718: Resource Dir: 0x1c000 LB 0x1b90
50060c.1718: ProductName: Microsoft Malware Protection
50160c.1718: ProductVersion: 4.8.0200.0
50260c.1718: FileVersion: 4.8.0200.0
50360c.1718: FileDescription: Microsoft Network Realtime Inspection Driver
50460c.1718: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
50560c.1718: Calling main()
50660c.1718: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
50760c.1718: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
50860c.1718: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
50960c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
51060c.1718: SUPR3HardenedMain: Final process, opening VBoxDrv...
51160c.1718: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002d0000 LB 0x400000)
51260c.1718: supR3HardNtEnableThreadCreation:
51360c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
51460c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
51560c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cb781:<flags> [calling]
51660c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
51760c.1718: supR3HardenedDllNotificationCallback: load 000007fefa5c0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
51860c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
51960c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
52060c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c8f01:<flags> [calling]
52160c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
52260c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
52360c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c8f01:<flags> [calling]
52460c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
52560c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
52660c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
52760c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
52860c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
52960c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
53060c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
53160c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
53260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
53360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
53460c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
53560c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
53660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
53760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
53860c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
53960c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
54060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
54160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
54260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
54360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
54460c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
54560c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
54660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
54760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
54860c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
54960c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
55060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
55160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
55260c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
55360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
55460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
55560c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
55660c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd591:<flags> [calling]
55760c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
55860c.1718: supR3HardenedDllNotificationCallback: load 000007fefd1d0000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
55960c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
56060c.1718: supR3HardenedDllNotificationCallback: load 000007fefdac0000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
56160c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
56260c.1718: supR3HardenedDllNotificationCallback: load 000007fefcf40000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
56360c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
56460c.1718: supR3HardenedDllNotificationCallback: load 000007fefce70000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
56560c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
56660c.1718: supR3HardenedDllNotificationCallback: load 000007feff2c0000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
56760c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
56860c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1d0000 'C:\Windows\system32\Wintrust.dll'
56960c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
57060c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
57160c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd591:<flags> [calling]
57260c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
57360c.1718: supR3HardenedDllNotificationCallback: load 000007fefc7f0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
57460c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
57560c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc7f0000 'C:\Windows\system32\bcrypt.dll'
57660c.1718: bcrypt.dll loaded at 000007fefc7f0000, BCryptOpenAlgorithmProvider at 000007fefc7f2640, preloading providers:
57760c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
57860c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
57960c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
58060c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
58160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
58260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
58360c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
58460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
58560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
58660c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
58760c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
58860c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
58960c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
59060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
59160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
59260c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
59360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
59460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
59560c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
59660c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd581:<flags> [calling]
59760c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
59860c.1718: supR3HardenedDllNotificationCallback: load 000007fefc2e0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
59960c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
60060c.1718: supR3HardenedDllNotificationCallback: load 000007fefdd60000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
60160c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
60260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
60360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
60460c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
60560c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
60660c.1718: supR3HardenedDllNotificationCallback: load 000007fefd770000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
60760c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
60860c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc2e0000 'C:\Windows\system32\bcryptprimitives.dll'
60960c.1718: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000007dcd10)
61060c.1718: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000007debd0)
61160c.1718: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000007decf0)
61260c.1718: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000007def00)
61360c.1718: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000007df020)
61460c.1718: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000007df140)
61560c.1718: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000007df380)
61660c.1718: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000007df4a0)
61760c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
61860c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
61960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
62060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
62160c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
62260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
62360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
62460c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
62560c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd0e1:<flags> [calling]
62660c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
62760c.1718: supR3HardenedDllNotificationCallback: load 000007fefc6a0000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
62860c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
62960c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc6a0000 'C:\Windows\system32\CRYPTSP.dll'
63060c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
63160c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
63260c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
63360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
63460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
63560c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
63660c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd071:<flags> [calling]
63760c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
63860c.1718: supR3HardenedDllNotificationCallback: load 000007fefc3a0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
63960c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
64060c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3a0000 'C:\Windows\system32\rsaenh.dll'
64160c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
64260c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc901:<flags> [calling]
64360c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd60000 'C:\Windows\system32\ADVAPI32.dll'
64460c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
64560c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
64660c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ccc81:<flags> [calling]
64760c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
64860c.1718: supR3HardenedDllNotificationCallback: load 000007fefcd00000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
64960c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
65060c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd00000 'C:\Windows\system32\CRYPTBASE.dll'
65160c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
65260c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc6b1:<flags> [calling]
65360c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ec0000 'C:\Windows\system32\kernel32.dll'
65460c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
65560c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd041:<flags> [calling]
65660c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1d0000 'C:\Windows\system32\WINTRUST.DLL'
65760c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
65860c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000002cce71:<flags> [calling]
65960c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf40000 'C:\Windows\system32\CRYPT32.dll'
66060c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
66160c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
66260c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
66360c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
66460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
66560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
66660c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
66760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
66860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
66960c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
67060c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ccec1:<flags> [calling]
67160c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
67260c.1718: supR3HardenedDllNotificationCallback: load 000007feff2a0000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
67360c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
67460c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2a0000 'C:\Windows\system32\imagehlp.dll'
67560c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
67660c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd011:<flags> [calling]
67760c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc6a0000 'C:\Windows\system32\CRYPTSP.dll'
67860c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
67960c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
68060c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
68160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
68260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
68360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
68460c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
68560c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
68660c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
68760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
68860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume3\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
68960c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
69060c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
69160c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
69260c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\lpk.dll)
69360c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\lpk.dll
69460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
69560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
69660c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
69760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
69860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume3\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
69960c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
70060c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
70160c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
70260c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\usp10.dll)
70360c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\usp10.dll
70460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
70560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
70660c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
70760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
70860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
70960c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
71060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
71160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
71260c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
71360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
71460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
71560c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
71660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
71760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
71860c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
71960c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ccb41:<flags> [calling]
72060c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
72160c.1718: supR3HardenedDllNotificationCallback: load 0000000076fe0000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
72260c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
72360c.1718: supR3HardenedDllNotificationCallback: load 000007fefd570000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
72460c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
72560c.1718: supR3HardenedDllNotificationCallback: load 000007fefdc00000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
72660c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\lpk.dll [lacks WinVerifyTrust]
72760c.1718: supR3HardenedDllNotificationCallback: load 000007fefed10000 LB 0x000ca000 C:\Windows\system32\USP10.dll [fFlags=0x0]
72860c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\usp10.dll [lacks WinVerifyTrust]
72960c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
73060c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc041:<flags> [calling]
73160c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\Windows\system32\gdi32.dll'
73260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
73360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
73460c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
73560c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
73660c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
73760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
73860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume3\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
73960c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
74060c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
74160c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
74260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
74360c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
74460c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
74560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
74660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
74760c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
74860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
74960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
75060c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
75160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
75260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
75360c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
75460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
75560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
75660c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
75760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
75860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
75960c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
76060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
76160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
76260c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
76360c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cb981:<flags> [calling]
76460c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
76560c.1718: supR3HardenedDllNotificationCallback: load 000007fefece0000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
76660c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
76760c.1718: supR3HardenedDllNotificationCallback: load 000007fefebd0000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
76860c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msctf.dll [lacks WinVerifyTrust]
76960c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefece0000 'C:\Windows\system32\IMM32.DLL'
77060c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fe0000 'C:\Windows\system32\USER32.dll'
77160c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
77260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
77360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
77460c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ncrypt.dll)
77560c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ncrypt.dll
77660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
77760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
77860c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
77960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
78060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
78160c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
78260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
78360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
78460c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
78560c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cce41:<flags> [calling]
78660c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
78760c.1718: supR3HardenedDllNotificationCallback: load 000007fefc820000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
78860c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
78960c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc820000 'C:\Windows\system32\ncrypt.dll'
79060c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
79160c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ccc31:<flags> [calling]
79260c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc7f0000 'C:\Windows\system32\bcrypt.dll'
79360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
79460c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
79560c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
79660c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\userenv.dll)
79760c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
79860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
79960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
80060c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
80160c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
80260c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
80360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
80460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
80560c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
80660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
80760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
80860c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
80960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
81060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
81160c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
81260c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc5f1:<flags> [calling]
81360c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [lacks WinVerifyTrust]
81460c.1718: supR3HardenedDllNotificationCallback: load 000007fefd1b0000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
81560c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [lacks WinVerifyTrust]
81660c.1718: supR3HardenedDllNotificationCallback: load 000007fefce60000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
81760c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
81860c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1b0000 'C:\Windows\system32\USERENV.dll'
81960c.1718: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc351:<flags> [calling]
82060c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd770000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
82160c.1718: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc6e1:<flags> [calling]
82260c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd770000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
82360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
82460c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
82560c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
82660c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
82760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
82860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
82960c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
83060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
83160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
83260c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
83360c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc911:<flags> [calling]
83460c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
83560c.1718: supR3HardenedDllNotificationCallback: load 000007fefc120000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
83660c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
83760c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc120000 'C:\Windows\system32\GPAPI.dll'
83860c.1718: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc861:<flags> [calling]
83960c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd770000 'API-MS-WIN-Service-Management-L1-1-0.dll'
84060c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
84160c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cbf61:<flags> [calling]
84260c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2c0000 'C:\Windows\system32\rpcrt4.dll'
84360c.1718: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc841:<flags> [calling]
84460c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd770000 'API-MS-WIN-Service-Management-L2-1-0.dll'
84560c.1718: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc851:<flags> [calling]
84660c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd770000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
84760c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
84860c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
84960c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
85060c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
85160c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
85260c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
85360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
85460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
85560c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
85660c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\Wldap32.dll)
85760c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Wldap32.dll
85860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
85960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
86060c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
86160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
86260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
86360c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
86460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
86560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
86660c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
86760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
86860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
86960c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
87060c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc331:<flags> [calling]
87160c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
87260c.1718: supR3HardenedDllNotificationCallback: load 000007fef73d0000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
87360c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
87460c.1718: supR3HardenedDllNotificationCallback: load 000007fefd220000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
87560c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
87660c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
87760c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000002cb561:<flags> [calling]
87860c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef73d0000 'C:\Windows\system32\cryptnet.dll'
87960c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
88060c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000002cb561:<flags> [calling]
88160c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef73d0000 'C:\Windows\system32\cryptnet.dll'
88260c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
88360c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000002cb561:<flags> [calling]
88460c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef73d0000 'C:\Windows\system32\cryptnet.dll'
88560c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
88660c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000002cb561:<flags> [calling]
88760c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef73d0000 'C:\Windows\system32\cryptnet.dll'
88860c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
88960c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000002cb561:<flags> [calling]
89060c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef73d0000 'C:\Windows\system32\cryptnet.dll'
89160c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
89260c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000002cb561:<flags> [calling]
89360c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef73d0000 'C:\Windows\system32\cryptnet.dll'
89460c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
89560c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef73d0000 'C:\Windows\system32\cryptnet.dll'
89660c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
89760c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef73d0000 'C:\Windows\system32\cryptnet.dll'
89860c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
89960c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef73d0000 'C:\Windows\system32\cryptnet.dll'
90060c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
90160c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef73d0000 'C:\Windows\system32\cryptnet.dll'
90260c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
90360c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef73d0000 'C:\Windows\system32\cryptnet.dll'
90460c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef73d0000 'C:\Windows\system32\cryptnet.dll'
90560c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
90660c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef73d0000 'C:\Windows\system32\cryptnet.dll'
90760c.1718: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cbcc1:<flags> [calling]
90860c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd770000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
90960c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
91060c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cbcc1:<flags> [calling]
91160c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce60000 'C:\Windows\system32\profapi.dll'
91260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
91360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
91460c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
91560c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
91660c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
91760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
91860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
91960c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
92060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
92160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
92260c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
92360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
92460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
92560c.1718: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
92660c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cb761:<flags> [calling]
92760c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
92860c.1718: supR3HardenedDllNotificationCallback: load 000007fefdce0000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
92960c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
93060c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdce0000 'C:\Windows\system32\SHLWAPI.dll'
93160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
93260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000008273a0
93360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
93460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=881FA305C5390C7D979151AFB211130389B9E066
93560c.1718: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc601:<flags> [calling]
93660c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd770000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
93760c.1718: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc161:<flags> [calling]
93860c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd770000 'API-MS-WIN-Service-Management-L1-1-0.dll'
93960c.1718: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc161:<flags> [calling]
94060c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd770000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
94160c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
94260c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc601:<flags> [calling]
94360c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd60000 'C:\Windows\system32\ADVAPI32.dll'
94460c.1718: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc5b1:<flags> [calling]
94560c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd770000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
94660c.1718: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc2a1:<flags> [calling]
94760c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd770000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
94860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_88_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
94960c.1718: g_pfnWinVerifyTrust=000007fefd1d1010
95060c.1718: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
95160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume3\Windows\System32\crypt32.dll
95260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
95360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
95460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFD41401EDEBD4D914977D62B588ECABEE60CFD3
95560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
95660c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
95760c.1718: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
95860c.1718: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
95960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume3\Windows\System32\wintrust.dll
96060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
96160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
96260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1BBE4EB6D114F50142F24E2E2749EFD81021486
96360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
96460c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
96560c.1718: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
96660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume3\Windows\System32\shlwapi.dll
96760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
96860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
96960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
97060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
97160c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
97260c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
97360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume3\Windows\System32\Wldap32.dll
97460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
97560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
97660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
97760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\Wldap32.dll'
97860c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
97960c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\Wldap32.dll'
98060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
98160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
98260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
98360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=756DC088EE40CF9369C990D71B200F3CB59FC35D
98460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
98560c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
98660c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
98760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000258 pwszName=\Device\HarddiskVolume3\Windows\System32\gpapi.dll
98860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
98960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
99060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
99160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
99260c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
99360c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
99460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume3\Windows\System32\profapi.dll
99560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
99660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
99760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
99860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\profapi.dll'
99960c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
100060c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
100160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume3\Windows\System32\userenv.dll
100260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
100360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
100460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
100560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\userenv.dll'
100660c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
100760c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll'
100860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume3\Windows\System32\ncrypt.dll
100960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
101060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
101160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D1D092E2A4891EA2A659F7204097B2FDEA00B39
101260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_88_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\ncrypt.dll'
101360c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
101460c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ncrypt.dll'
101560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume3\Windows\System32\msctf.dll
101660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
101760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
101860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
101960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\msctf.dll'
102060c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
102160c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
102260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume3\Windows\System32\imm32.dll
102360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
102460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
102560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
102660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\imm32.dll'
102760c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
102860c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
102960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume3\Windows\System32\usp10.dll
103060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
103160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
103260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31498ABFB06219E83141E0AA8B2A55C4CECFD033
103360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3108670~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\usp10.dll'
103460c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
103560c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\usp10.dll'
103660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume3\Windows\System32\lpk.dll
103760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
103860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
103960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FDBA63132AE4F561C5CFC5478222E40A2DAA2ACC
104060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume3\Windows\System32\lpk.dll'
104160c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
104260c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\lpk.dll'
104360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume3\Windows\System32\gdi32.dll
104460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
104560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
104660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E200CE23C0ADD95195EBA5616D50363CEA00DB25
104760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3124001~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
104860c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
104960c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
105060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume3\Windows\System32\user32.dll
105160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
105260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
105360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=94AFB7B548C6C2376C6AEE4ECE2FA09C90F5FD4B
105460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB3109094~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\user32.dll'
105560c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
105660c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
105760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume3\Windows\System32\imagehlp.dll
105860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
105960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
106060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
106160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
106260c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
106360c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
106460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptbase.dll
106560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
106660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
106760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1B332BBD335EB2D5000C2255987CB8F1140EB342
106860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_88_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
106960c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
107060c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
107160c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
107260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume3\Windows\System32\cryptsp.dll
107360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
107460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
107560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
107660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
107760c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
107860c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
107960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume3\Windows\System32\sechost.dll
108060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
108160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
108260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
108360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\sechost.dll'
108460c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
108560c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
108660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume3\Windows\System32\advapi32.dll
108760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
108860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
108960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1D906429F9D53CF720E851B490EC83BEAAF9B21A
109060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_151_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
109160c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
109260c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
109360c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
109460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume3\Windows\System32\bcrypt.dll
109560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
109660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
109760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
109860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
109960c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
110060c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
110160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume3\Windows\System32\msvcrt.dll
110260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
110360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
110460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
110560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
110660c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
110760c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
110860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume3\Windows\System32\msasn1.dll
110960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
111060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
111160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
111260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
111360c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
111460c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
111560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
111660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
111760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
111860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B7ADE500A5ED2DBC433C8ECAF28966675E5CFE36
111960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_88_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
112060c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
112160c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
112260c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
112360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume3\Windows\System32\KernelBase.dll
112460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
112560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
112660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=051C28F4FFE71436B92254D1A7955B1849CE5AA5
112760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_88_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
112860c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
112960c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
113060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume3\Windows\System32\kernel32.dll
113160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
113260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
113360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AD27BC39174E86B1E177AF200D6BC895B032AB0E
113460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_88_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
113560c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
113660c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
113760c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
113860c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc0b1:<flags> [calling]
113960c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf40000 'C:\Windows\system32\crypt32.dll'
114060c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
114160c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
114260c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
114360c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0xa7e99a415ff0c800 C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
114460c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
114560c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
114660c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
114760c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
114860c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
114960c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0xfc2ac51edc47cc00 C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
115060c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
115160c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
115260c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
115360c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
115460c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
115560c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
115660c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
115760c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
115860c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
115960c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
116060c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
116160c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
116260c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
116360c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
116460c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
116560c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
116660c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
116760c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
116860c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
116960c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
117060c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
117160c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
117260c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
117360c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
117460c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
117560c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
117660c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
117760c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
117860c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
117960c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
118060c.1718: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
118160c.1718: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=41
118260c.1718: SUPR3HardenedMain: Load Runtime...
118360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
118460c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
118560c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
118660c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
118760c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
118860c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
118960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
119060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
119160c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
119260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
119360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
119460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000434 pwszName=\Device\HarddiskVolume3\Windows\System32\ws2_32.dll
119560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
119660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
119760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
119860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\ws2_32.dll'
119960c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
120060c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
120160c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
120260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
120360c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
120460c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
120560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
120660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
120760c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
120860c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
120960c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
121060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
121160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
121260c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
121360c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
121460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
121560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
121660c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
121760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
121860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
121960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000438 pwszName=\Device\HarddiskVolume3\Windows\System32\nsi.dll
122060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
122160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
122260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
122360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\nsi.dll'
122460c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
122560c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) WinVerifyTrust
122660c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
122760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
122860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
122960c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
123060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
123160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
123260c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
123360c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc3d1:<flags> [calling]
123460c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
123560c.1718: supR3HardenedDllNotificationCallback: load 000007fee5be0000 LB 0x0055f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
123660c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
123760c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
123860c.1718: supR3HardenedDllNotificationCallback: load 000000006dcf0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
123960c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
124060c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
124160c.1718: supR3HardenedDllNotificationCallback: load 000000006dc50000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
124260c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
124360c.1718: supR3HardenedDllNotificationCallback: load 000007fefdc90000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
124460c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
124560c.1718: supR3HardenedDllNotificationCallback: load 000007feff290000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
124660c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
124760c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
124860c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9b11:<flags> [calling]
124960c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
125060c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
125160c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9b11:<flags> [calling]
125260c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
125360c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
125460c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9b11:<flags> [calling]
125560c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
125660c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
125760c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9b11:<flags> [calling]
125860c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
125960c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
126060c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9b11:<flags> [calling]
126160c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
126260c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
126360c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9b11:<flags> [calling]
126460c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
126560c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
126660c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
126760c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
126860c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
126960c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
127060c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
127160c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
127260c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
127360c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9b11:<flags> [calling]
127460c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
127560c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
127660c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
127760c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
127860c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
127960c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
128060c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
128160c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
128260c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
128360c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
128460c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
128560c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
128660c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
128760c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
128860c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
128960c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
129060c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
129160c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9b11:<flags> [calling]
129260c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
129360c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
129460c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
129560c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5be0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
129660c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
129760c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cdf31:<flags> [calling]
129860c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1d0000 'C:\Windows\system32\Wintrust.dll'
129960c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
130060c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cca91:<flags> [calling]
130160c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf40000 'C:\Windows\system32\crypt32.dll'
130260c.1718: SUPR3HardenedMain: Load TrustedMain...
130360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
130460c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
130560c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
130660c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
130760c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
130860c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
130960c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtopenglvbox4.dll'.
131060c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
131160c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
131260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
131360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shell32.dll'.
131460c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'.
131560c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'.
131660c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'comdlg32.dll'.
131760c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
131860c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
131960c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
132060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
132160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
132260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume3\Windows\System32\winmm.dll
132360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
132460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
132560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
132660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\winmm.dll'
132760c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
132860c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
132960c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
133060c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
133160c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
133260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
133360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
133460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000480 pwszName=\Device\HarddiskVolume3\Windows\System32\comdlg32.dll
133560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
133660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
133760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
133860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'
133960c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
134060c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
134160c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
134260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
134360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
134460c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
134560c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
134660c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll) WinVerifyTrust
134760c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
134860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
134960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
135060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume3\Windows\System32\oleaut32.dll
135160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
135260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
135360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A837B0D823EB506C6A4C447C1962174D27ED954
135460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\oleaut32.dll'
135560c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
135660c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
135760c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
135860c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
135960c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
136060c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
136160c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
136260c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
136360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
136460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
136560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume3\Windows\System32\ole32.dll
136660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
136760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
136860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DE77ABAC364F51C94584A3AF7DD90656C74CFAB9
136960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3126593~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\ole32.dll'
137060c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
137160c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
137260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
137360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
137460c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
137560c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
137660c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
137760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
137860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
137960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume3\Windows\System32\shell32.dll
138060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
138160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
138260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=099C901656A370A7121E2F44A89052BDA6B504DB
138360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_41_for_KB3123862~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\shell32.dll'
138460c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
138560c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
138660c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
138760c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
138860c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
138960c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) WinVerifyTrust
139060c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
139160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
139260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
139360c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
139460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
139560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
139660c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
139760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
139860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
139960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
140060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
140160c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
140260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
140360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
140460c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
140560c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
140660c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
140760c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
140860c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
140960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
141060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
141160c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
141260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
141360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
141460c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
141560c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
141660c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
141760c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
141860c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
141960c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
142060c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
142160c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
142260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
142360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
142460c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
142560c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
142660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
142760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
142860c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
142960c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
143060c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
143160c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
143260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
143360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
143460c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) WinVerifyTrust
143560c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
143660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
143760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
143860c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
143960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
144060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
144160c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
144260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
144360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
144460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
144560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
144660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
144760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
144860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
144960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
145060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
145160c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
145260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
145360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
145460c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
145560c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
145660c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
145760c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
145860c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll) WinVerifyTrust
145960c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
146060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
146160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
146260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
146360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume3\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
146460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume3\Windows\System32\ddraw.dll
146560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
146660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
146760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
146860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\ddraw.dll'
146960c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
147060c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
147160c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
147260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
147360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
147460c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
147560c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
147660c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ddraw.dll) WinVerifyTrust
147760c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ddraw.dll
147860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
147960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
148060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume3\Windows\System32\glu32.dll
148160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
148260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
148360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
148460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\glu32.dll'
148560c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
148660c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
148760c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
148860c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
148960c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\glu32.dll) WinVerifyTrust
149060c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
149160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
149260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
149360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
149460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
149560c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
149660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
149760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
149860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
149960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
150060c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
150160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
150260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
150360c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
150460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
150560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
150660c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
150760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
150860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
150960c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
151060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
151160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
151260c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
151360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
151460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
151560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
151660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
151760c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
151860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
151960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
152060c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
152160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
152260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
152360c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
152460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
152560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
152660c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
152760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
152860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
152960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
153060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
153160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
153260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
153360c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
153460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
153560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
153660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004dc pwszName=\Device\HarddiskVolume3\Windows\System32\winspool.drv
153760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
153860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
153960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
154060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\winspool.drv'
154160c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
154260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
154360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
154460c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
154560c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winspool.drv) WinVerifyTrust
154660c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winspool.drv
154760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
154860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
154960c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
155060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
155160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
155260c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
155360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
155460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
155560c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
155660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
155760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
155860c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
155960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
156060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
156160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
156260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
156360c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
156460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
156560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
156660c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
156760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
156860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
156960c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
157060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
157160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
157260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
157360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
157460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
157560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
157660c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
157760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
157860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
157960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
158060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
158160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
158260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
158360c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
158460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
158560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
158660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
158760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
158860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
158960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
159060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
159160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
159260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
159360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
159460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
159560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
159660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
159760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
159860c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
159960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
160060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
160160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
160260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
160360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
160460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
160560c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
160660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
160760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
160860c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
160960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
161060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
161160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume3\Windows\System32\comctl32.dll
161260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
161360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
161460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
161560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\comctl32.dll'
161660c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
161760c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
161860c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
161960c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
162060c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll) WinVerifyTrust
162160c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll
162260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
162360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
162460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
162560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
162660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
162760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
162860c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
162960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
163060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
163160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
163260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
163360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
163460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
163560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
163660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
163760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
163860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
163960c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
164060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
164160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
164260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
164360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
164460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
164560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
164660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
164760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
164860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
164960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
165060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
165160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
165260c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
165360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
165460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
165560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
165660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
165760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume3\Windows\System32\dwmapi.dll
165860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
165960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
166060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
166160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
166260c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
166360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
166460c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
166560c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
166660c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll) WinVerifyTrust
166760c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
166860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
166960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
167060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume3\Windows\System32\setupapi.dll
167160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
167260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
167360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
167460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\setupapi.dll'
167560c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
167660c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
167760c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
167860c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
167960c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
168060c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
168160c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
168260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
168360c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
168460c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
168560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
168660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
168760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
168860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
168960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume3\Windows\System32\dciman32.dll
169060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
169160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
169260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=779E327CA47BE9830D08A18EEDE8A70C3A978A3B
169360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume3\Windows\System32\dciman32.dll'
169460c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
169560c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
169660c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
169760c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
169860c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dciman32.dll) WinVerifyTrust
169960c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dciman32.dll
170060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
170160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
170260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
170360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
170460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
170560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
170660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
170760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
170860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
170960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
171060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
171160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
171260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000500 pwszName=\Device\HarddiskVolume3\Windows\System32\devobj.dll
171360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
171460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
171560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
171660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\devobj.dll'
171760c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
171860c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
171960c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
172060c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
172160c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
172260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
172360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
172460c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
172560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
172660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
172760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
172860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
172960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
173060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
173160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
173260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
173360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
173460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
173560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
173660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
173760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
173860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
173960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
174060c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
174160c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
174260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
174360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
174460c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll) WinVerifyTrust
174560c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
174660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
174760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
174860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
174960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
175060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
175160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
175260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
175360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
175460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
175560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
175660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
175760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
175860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
175960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
176060c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
176160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
176260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
176360c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc3e1:<flags> [calling]
176460c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
176560c.1718: supR3HardenedDllNotificationCallback: load 000007fee5120000 LB 0x00abb000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
176660c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
176760c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
176860c.1718: supR3HardenedDllNotificationCallback: load 000007feeb720000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
176960c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
177060c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\glu32.dll
177160c.1718: supR3HardenedDllNotificationCallback: load 000007feeb6a0000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
177260c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\glu32.dll
177360c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll
177460c.1718: supR3HardenedDllNotificationCallback: load 000007feeb590000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
177560c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll
177660c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll
177760c.1718: supR3HardenedDllNotificationCallback: load 000007feeb580000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
177860c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll
177960c.1718: supR3HardenedDllNotificationCallback: load 000007feff0b0000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
178060c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
178160c.1718: supR3HardenedDllNotificationCallback: load 000007fefd0b0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
178260c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
178360c.1718: supR3HardenedDllNotificationCallback: load 000007fefd490000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
178460c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
178560c.1718: supR3HardenedDllNotificationCallback: load 000007fefd280000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
178660c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
178760c.1718: supR3HardenedDllNotificationCallback: load 000007fefd180000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
178860c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
178960c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
179060c.1718: supR3HardenedDllNotificationCallback: load 000007fefb170000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
179160c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
179260c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
179360c.1718: supR3HardenedDllNotificationCallback: load 000000006c090000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
179460c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
179560c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
179660c.1718: supR3HardenedDllNotificationCallback: load 000000006b720000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
179760c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
179860c.1718: supR3HardenedDllNotificationCallback: load 000007fefdb60000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
179960c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
180060c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
180160c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
180260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
180360c.1718: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
180460c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
180560c.1718: supR3HardenedDllNotificationCallback: load 000007fefaf20000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
180660c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
180760c.1718: supR3HardenedDllNotificationCallback: load 000007fefde40000 LB 0x00d8a000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
180860c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
180960c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
181060c.1718: supR3HardenedDllNotificationCallback: load 000007fef9ac0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
181160c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
181260c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winspool.drv
181360c.1718: supR3HardenedDllNotificationCallback: load 000007fef9750000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
181460c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winspool.drv
181560c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
181660c.1718: supR3HardenedDllNotificationCallback: load 000000006b640000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
181760c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
181860c.1718: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
181960c.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
182060c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
182160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
182260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
182360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
182460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
182560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
182660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
182760c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cb9b1:<flags> [calling]
182860c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefece0000 'C:\Windows\system32\imm32.dll'
182960c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5120000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
183060c.1718: SUPR3HardenedMain: Calling TrustedMain (000007fee51210d0)...
183160c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
183260c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cf181:<flags> [calling]
183360c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ac0000 'C:\Windows\system32\winmm.dll'
183460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000059c pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
183560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
183660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
183760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
183860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
183960c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
184060c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
184160c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
184260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
184360c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
184460c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
184560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
184660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
184760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
184860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
184960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
185060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
185160c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ce9a1:<flags> [calling]
185260c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
185360c.1718: supR3HardenedDllNotificationCallback: load 000007fefb5d0000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
185460c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
185560c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5d0000 'C:\Windows\system32\uxtheme.dll'
185660c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
185760c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ce3e1:<flags> [calling]
185860c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5d0000 'C:\Windows\system32\uxtheme.dll'
185960c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
186060c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ce151:<flags> [calling]
186160c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5d0000 'C:\Windows\system32\uxtheme.dll'
186260c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
186360c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ce151:<flags> [calling]
186460c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5d0000 'C:\Windows\system32\uxtheme.dll'
186560c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
186660c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ce611:<flags> [calling]
186760c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb170000 'C:\Windows\system32\dwmapi.dll'
186860c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
186960c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cee31:<flags> [calling]
187060c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd00000 'C:\Windows\system32\CRYPTBASE.dll'
187160c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
187260c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cefe1:<flags> [calling]
187360c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'C:\Windows\system32\shell32.dll'
187460c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
187560c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cef31:<flags> [calling]
187660c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ec0000 'C:\Windows\system32\kernel32.dll'
187760c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
187860c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cefb1:<flags> [calling]
187960c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5d0000 'C:\Windows\system32\uxtheme.dll'
188060c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
188160c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cf021:<flags> [calling]
188260c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5d0000 'C:\Windows\system32\uxtheme.dll'
188360c.1718: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
188460c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cf141:<flags> [calling]
188560c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
188660c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fe0000 'C:\Windows\system32\user32.dll'
188760c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
188860c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cf191:<flags> [calling]
188960c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5d0000 'C:\Windows\system32\uxtheme.dll'
189060c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fe0000 'C:\Windows\system32\user32.dll'
189160c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd60000 'C:\Windows\system32\advapi32.dll'
189260c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
189360c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ceff1:<flags> [calling]
189460c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1b0000 'C:\Windows\system32\userenv.dll'
189560c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
189660c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ceff1:<flags> [calling]
189760c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ec0000 'C:\Windows\system32\kernel32.dll'
189860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005fc pwszName=\Device\HarddiskVolume3\Windows\System32\clbcatq.dll
189960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
190060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
190160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
190260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
190360c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
190460c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
190560c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
190660c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
190760c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
190860c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
190960c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
191060c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll) WinVerifyTrust
191160c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
191260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
191360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
191460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
191560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
191660c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
191760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
191860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
191960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
192060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
192160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
192260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
192360c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
192460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
192560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
192660c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
192760c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cbfd1:<flags> [calling]
192860c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
192960c.1718: supR3HardenedDllNotificationCallback: load 000007fefd790000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
193060c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
193160c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd790000 'C:\Windows\system32\CLBCatQ.DLL'
193260c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd60000 'C:\Windows\system32\ADVAPI32.dll'
193360c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
193460c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cadc1:<flags> [calling]
193560c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc6a0000 'C:\Windows\system32\CRYPTSP.dll'
193660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000061c pwszName=\Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll
193760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
193860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
193960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
194060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll'
194160c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
194260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
194360c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
194460c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll
194560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
194660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
194760c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ca991:<flags> [calling]
194860c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll
194960c.1718: supR3HardenedDllNotificationCallback: load 000007fefcdb0000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
195060c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll
195160c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdb0000 'C:\Windows\system32\RpcRtRemote.dll'
195260c.f4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
195360c.f4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
195460c.f4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
195560c.f4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
195660c.f4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
195760c.f4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
195860c.f4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
195960c.f4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
196060c.f4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
196160c.f4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
196260c.f4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
196360c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
196460c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
196560c.f4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
196660c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
196760c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
196860c.f4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
196960c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
197060c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
197160c.f4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
197260c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
197360c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume3\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
197460c.f4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000670 pwszName=\Device\HarddiskVolume3\Windows\System32\version.dll
197560c.f4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
197660c.f4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
197760c.f4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A3AB94A028D0330A3DBCAE54C04C648532198DB9
197860c.f4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\version.dll'
197960c.f4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
198060c.f4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
198160c.f4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\version.dll) WinVerifyTrust
198260c.f4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\version.dll
198360c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
198460c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
198560c.f4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
198660c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
198760c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
198860c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
198960c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
199060c.f4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000674 pwszName=\Device\HarddiskVolume3\Windows\System32\psapi.dll
199160c.f4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
199260c.f4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
199360c.f4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=561BAAB249C395B66D294444DF251EDB701DB607
199460c.f4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\psapi.dll'
199560c.f4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
199660c.f4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\psapi.dll) WinVerifyTrust
199760c.f4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\psapi.dll
199860c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
199960c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
200060c.f4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
200160c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
200260c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
200360c.f4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
200460c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
200560c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
200660c.f4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000047cea01:<flags> [calling]
200760c.f4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
200860c.f4c: supR3HardenedDllNotificationCallback: load 000007fede880000 LB 0x005d7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
200960c.f4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
201060c.f4c: supR3HardenedDllNotificationCallback: load 00000000772a0000 LB 0x00007000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0]
201160c.f4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\psapi.dll
201260c.f4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll
201360c.f4c: supR3HardenedDllNotificationCallback: load 000007fefbca0000 LB 0x0000c000 C:\Windows\system32\VERSION.dll [fFlags=0x0]
201460c.f4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll
201560c.f4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fede880000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
201660c.f4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
201760c.f4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000047cd581:<flags> [calling]
201860c.f4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'C:\Windows\system32\oleaut32.dll'
201960c.f4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000664 pwszName=\Device\HarddiskVolume3\Windows\System32\sxs.dll
202060c.f4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
202160c.f4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
202260c.f4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
202360c.f4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\sxs.dll'
202460c.f4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
202560c.f4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sxs.dll) WinVerifyTrust
202660c.f4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sxs.dll
202760c.f4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000047cdb31:<flags> [calling]
202860c.f4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sxs.dll
202960c.f4c: supR3HardenedDllNotificationCallback: load 000007fefcd10000 LB 0x00091000 C:\Windows\system32\SXS.DLL [fFlags=0x0]
203060c.f4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sxs.dll
203160c.f4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd10000 'C:\Windows\system32\SXS.DLL'
203260c.f4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd60000 'C:\Windows\system32\ADVAPI32.dll'
203360c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
203460c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cb421:<flags> [calling]
203560c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'C:\Windows\system32\OLEAUT32.dll'
203660c.1718: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
203760c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cb7d1:<flags> [calling]
203860c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
203960c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\Windows\system32\gdi32.dll'
204060c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fe0000 'C:\Windows\system32\user32.dll'
204160c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
204260c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cebe1:<flags> [calling]
204360c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'C:\Windows\system32\shell32.dll'
204460c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd60000 'C:\Windows\system32\ADVAPI32.dll'
204560c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
204660c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd931:<flags> [calling]
204760c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd280000 'C:\Windows\system32\ole32.dll'
204860c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
204960c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cec41:<flags> [calling]
205060c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb170000 'C:\Windows\system32\dwmapi.dll'
205160c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5d0000 'C:\Windows\system32\uxtheme.dll'
205260c.1718: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [redir]
205360c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [redoing WinVerifyTrust]
205460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000510 pwszName=\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
205560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
205660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
205760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
205860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
205960c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
206060c.1718: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
206160c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cb3b1:<flags> [calling]
206260c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf20000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
206360c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
206460c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ca5e1:<flags> [calling]
206560c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ac0000 'C:\Windows\system32\WINMM.dll'
206660c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
206760c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cac51:<flags> [calling]
206860c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb170000 'C:\Windows\system32\dwmapi.dll'
206960c.1470: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
207060c.494: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'C:\Windows\system32\OLEAUT32.dll'
207160c.1470: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000524faa1:<flags> [calling]
207260c.1470: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'C:\Windows\system32\OLEAUT32.dll'
207360c.c18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'C:\Windows\system32\OLEAUT32.dll'
207460c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
207560c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc001:<flags> [calling]
207660c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd280000 'C:\Windows\system32\ole32.dll'
207760c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'C:\Windows\system32\OLEAUT32.dll'
207860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000071c pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
207960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
208060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
208160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
208260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
208360c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
208460c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
208560c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
208660c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
208760c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
208860c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
208960c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
209060c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
209160c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
209260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
209360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
209460c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
209560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
209660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
209760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
209860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
209960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
210060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
210160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
210260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
210360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006d8 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
210460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
210560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
210660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
210760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
210860c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
210960c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
211060c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
211160c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
211260c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
211360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
211460c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
211560c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
211660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
211760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
211860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
211960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
212060c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
212160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
212260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
212360c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
212460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
212560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
212660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
212760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
212860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
212960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
213060c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ca951:<flags> [calling]
213160c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
213260c.1718: supR3HardenedDllNotificationCallback: load 000007fefaed0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
213360c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
213460c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
213560c.1718: supR3HardenedDllNotificationCallback: load 000007fefabd0000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
213660c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
213760c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaed0000 'C:\Windows\system32\wbem\wbemprox.dll'
213860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006b0 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
213960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
214060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
214160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
214260c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
214360c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
214460c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
214560c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
214660c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
214760c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
214860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
214960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
215060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
215160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
215260c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ca511:<flags> [calling]
215360c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
215460c.1718: supR3HardenedDllNotificationCallback: load 000007fefaeb0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
215560c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
215660c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaeb0000 'C:\Windows\system32\wbem\wbemsvc.dll'
215760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006f0 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
215860c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
215960c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
216060c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
216160c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
216260c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
216360c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
216460c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
216560c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
216660c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
216760c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
216860c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
216960c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
217060c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
217160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
217260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
217360c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000072c pwszName=\Device\HarddiskVolume3\Windows\System32\ntdsapi.dll
217460c.1718: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
217560c.1718: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
217660c.1718: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
217760c.1718: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\ntdsapi.dll'
217860c.1718: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
217960c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
218060c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
218160c.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
218260c.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdsapi.dll) WinVerifyTrust
218360c.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdsapi.dll
218460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
218560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
218660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
218760c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
218860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
218960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
219060c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
219160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
219260c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
219360c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
219460c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
219560c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
219660c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
219760c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
219860c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
219960c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
220060c.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
220160c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
220260c.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
220360c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ca551:<flags> [calling]
220460c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
220560c.1718: supR3HardenedDllNotificationCallback: load 000007feecbf0000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
220660c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
220760c.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdsapi.dll
220860c.1718: supR3HardenedDllNotificationCallback: load 000007fefb780000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
220960c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdsapi.dll
221060c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecbf0000 'C:\Windows\system32\wbem\fastprox.dll'
221160c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'C:\Windows\system32\OLEAUT32.dll'
221260c.15c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
221360c.15c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
221460c.15c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
221560c.15c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
221660c.15c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
221760c.15c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
221860c.15c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
221960c.15c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
222060c.15c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
222160c.15c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
222260c.15c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
222360c.15c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
222460c.15c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
222560c.15c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
222660c.15c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
222760c.15c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
222860c.15c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
222960c.15c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
223060c.15c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
223160c.15c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
223260c.15c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
223360c.15c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
223460c.15c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
223560c.15c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000050fe8c1:<flags> [calling]
223660c.15c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
223760c.15c0: supR3HardenedDllNotificationCallback: load 000007fee6920000 LB 0x0029c000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
223860c.15c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
223960c.15c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
224060c.15c0: supR3HardenedDllNotificationCallback: load 000000006b530000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
224160c.15c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
224260c.15c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6920000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
224360c.d34: \Device\HarddiskVolume3\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group.
224460c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'.
224560c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'.
224660c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\drivers\VBoxNetAdp6.sys)
224760c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\drivers\VBoxNetAdp6.sys
224860c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
224960c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
225060c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
225160c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
225260c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\drivers\VBoxNetLwf.sys)
225360c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\drivers\VBoxNetLwf.sys
225460c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
225560c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
225660c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\drivers\VBoxUSBMon.sys)
225760c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\drivers\VBoxUSBMon.sys
225860c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
225960c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
226060c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\drivers\VBoxDrv.sys)
226160c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\drivers\VBoxDrv.sys
226260c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
226360c.a24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\drivers\VBoxDrv.sys'
226460c.a24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\drivers\VBoxUSBMon.sys'
226560c.a24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\drivers\VBoxNetLwf.sys'
226660c.a24: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\drivers\VBoxNetAdp6.sys'
226760c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
226860c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
226960c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
227060c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
227160c.a24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
227260c.a24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
227360c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
227460c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
227560c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
227660c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
227760c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
227860c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
227960c.a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
228060c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
228160c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
228260c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
228360c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
228460c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'pshed.dll'.
228560c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
228660c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'kdcom.dll'.
228760c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'clfs.sys'.
228860c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ci.dll'.
228960c.a24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe) WinVerifyTrust
229060c.a24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe
229160c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
229260c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
229360c.a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe
229460c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
229560c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume3\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
229660c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
229760c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
229860c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'.
229960c.a24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\drivers\netio.sys) WinVerifyTrust
230060c.a24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\drivers\netio.sys
230160c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
230260c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume3\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
230360c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
230460c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
230560c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
230660c.a24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\drivers\ndis.sys) WinVerifyTrust
230760c.a24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\drivers\ndis.sys
230860c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
230960c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
231060c.a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe
231160c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
231260c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
231360c.a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe
231460c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
231560c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume3\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
231660c.a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drivers\ndis.sys
231760c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
231860c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume3\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
231960c.a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drivers\netio.sys
232060c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
232160c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume3\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
232260c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
232360c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
232460c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
232560c.a24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\hal.dll) WinVerifyTrust
232660c.a24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\hal.dll
232760c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
232860c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
232960c.a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe
233060c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
233160c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume3\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
233260c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
233360c.a24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\drivers\msrpc.sys) WinVerifyTrust
233460c.a24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\drivers\msrpc.sys
233560c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
233660c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume3\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
233760c.a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drivers\ndis.sys
233860c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
233960c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
234060c.a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe
234160c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
234260c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume3\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
234360c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
234460c.a24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ci.dll) WinVerifyTrust
234560c.a24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ci.dll
234660c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'clfs.sys'...
234760c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'clfs.sys' -> '\Device\HarddiskVolume3\Windows\System32\clfs.sys' [rcNtRedir=0xc0150008]
234860c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
234960c.a24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clfs.sys) WinVerifyTrust
235060c.a24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clfs.sys
235160c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
235260c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume3\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
235360c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
235460c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
235560c.a24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kdcom.dll) WinVerifyTrust
235660c.a24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kdcom.dll
235760c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
235860c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume3\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
235960c.a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\hal.dll
236060c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
236160c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume3\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
236260c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
236360c.a24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
236460c.a24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\PSHED.DLL) WinVerifyTrust
236560c.a24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\PSHED.DLL
236660c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
236760c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume3\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
236860c.a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\hal.dll
236960c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
237060c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
237160c.a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe
237260c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
237360c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume3\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
237460c.a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\hal.dll
237560c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
237660c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
237760c.a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe
237860c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
237960c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
238060c.a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe
238160c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
238260c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
238360c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
238460c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
238560c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
238660c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume3\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
238760c.a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\PSHED.DLL
238860c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
238960c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume3\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
239060c.a24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kdcom.dll
239160c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
239260c.a24: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume3\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
239360c.a24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006e7dd41:<flags> [calling]
239460c.a24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
239560c.a24: supR3HardenedDllNotificationCallback: load 000007fefa5d0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
239660c.a24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
239760c.a24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
239860c.158c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
239960c.158c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
240060c.158c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
240160c.158c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
240260c.158c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
240360c.158c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
240460c.158c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
240560c.158c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
240660c.158c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
240760c.158c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
240860c.158c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
240960c.158c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
241060c.158c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000071bdb81:<flags> [calling]
241160c.158c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
241260c.158c: supR3HardenedDllNotificationCallback: load 000007fef9670000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
241360c.158c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
241460c.158c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9670000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
241560c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
241660c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
241760c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
241860c.17c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
241960c.17c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
242060c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
242160c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
242260c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
242360c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
242460c.17c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
242560c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
242660c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
242760c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000072cdc41:<flags> [calling]
242860c.17c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
242960c.17c8: supR3HardenedDllNotificationCallback: load 000007fef9660000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
243060c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
243160c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9660000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
243260c.ce4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
243360c.ce4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
243460c.ce4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
243560c.ce4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
243660c.ce4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
243760c.ce4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
243860c.ce4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
243960c.ce4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
244060c.ce4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
244160c.ce4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
244260c.ce4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
244360c.ce4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005cadaa1:<flags> [calling]
244460c.ce4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
244560c.ce4: supR3HardenedDllNotificationCallback: load 000007fef9650000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
244660c.ce4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
244760c.ce4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9650000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
244860c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
244960c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005ef8b81:<flags> [calling]
245060c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
245160c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'C:\Windows\system32/Shell32.dll'
245260c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd280000 'C:\Windows\system32\ole32.dll'
245360c.d34: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000005ef77d1:<flags> [calling]
245460c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd770000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
245560c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
245660c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005ef7811:<flags> [calling]
245760c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce60000 'C:\Windows\system32\profapi.dll'
245860c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
245960c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
246060c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
246160c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
246260c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
246360c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
246460c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
246560c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
246660c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
246760c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
246860c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
246960c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
247060c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
247160c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
247260c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cdc pwszName=\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
247360c.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
247460c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
247560c.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
247660c.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL'
247760c.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
247860c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
247960c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
248060c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
248160c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
248260c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
248360c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
248460c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
248560c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
248660c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
248760c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
248860c.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
248960c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
249060c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
249160c.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
249260c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
249360c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
249460c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
249560c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
249660c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
249760c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
249860c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
249960c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
250060c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
250160c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
250260c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
250360c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
250460c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
250560c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
250660c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
250760c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
250860c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
250960c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
251060c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
251160c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
251260c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
251360c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
251460c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
251560c.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
251660c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
251760c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
251860c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
251960c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
252060c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
252160c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume3\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
252260c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cfc pwszName=\Device\HarddiskVolume3\Windows\System32\newdev.dll
252360c.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
252460c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
252560c.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F4B2CF91DA6B4233E3BF5D2EC9677240BFF983C
252660c.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume3\Windows\System32\newdev.dll'
252760c.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
252860c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
252960c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
253060c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
253160c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
253260c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
253360c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
253460c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
253560c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\newdev.dll) WinVerifyTrust
253660c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\newdev.dll
253760c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
253860c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
253960c.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
254060c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
254160c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
254260c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
254360c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
254460c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
254560c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
254660c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
254760c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
254860c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
254960c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
255060c.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
255160c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
255260c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
255360c.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
255460c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
255560c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
255660c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
255760c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
255860c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ce8 pwszName=\Device\HarddiskVolume3\Windows\System32\winnsi.dll
255960c.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
256060c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
256160c.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
256260c.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
256360c.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
256460c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
256560c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
256660c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
256760c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll) WinVerifyTrust
256860c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
256960c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
257060c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
257160c.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
257260c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
257360c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
257460c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
257560c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
257660c.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
257760c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
257860c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
257960c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
258060c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
258160c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
258260c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
258360c.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
258460c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
258560c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
258660c.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
258760c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
258860c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
258960c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
259060c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
259160c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
259260c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
259360c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
259460c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
259560c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
259660c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
259760c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efd6a1:<flags> [calling]
259860c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
259960c.d34: supR3HardenedDllNotificationCallback: load 000007feddf90000 LB 0x008e3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
260060c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
260160c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
260260c.d34: supR3HardenedDllNotificationCallback: load 000007fefa290000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
260360c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
260460c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\newdev.dll
260560c.d34: supR3HardenedDllNotificationCallback: load 000007fefa300000 LB 0x00051000 C:\Windows\system32\newdev.dll [fFlags=0x0]
260660c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\newdev.dll
260760c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
260860c.d34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\devrtl.dll)
260960c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devrtl.dll
261060c.d34: supR3HardenedDllNotificationCallback: load 000007fefc140000 LB 0x00012000 C:\Windows\system32\devrtl.DLL [fFlags=0x0]
261160c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
261260c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
261360c.d34: supR3HardenedDllNotificationCallback: load 000007fee9b00000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
261460c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
261560c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
261660c.d34: supR3HardenedDllNotificationCallback: load 000007fef95a0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
261760c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
261860c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
261960c.d34: supR3HardenedDllNotificationCallback: load 000007fef9590000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
262060c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
262160c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feddf90000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
262260c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d08 pwszName=\Device\HarddiskVolume3\Windows\System32\devrtl.dll
262360c.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
262460c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
262560c.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
262660c.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\devrtl.dll'
262760c.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
262860c.d34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\devrtl.dll'
262960c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
263060c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
263160c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
263260c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efd6a1:<flags> [calling]
263360c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
263460c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fede880000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
263560c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
263660c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efd5b1:<flags> [calling]
263760c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
263860c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee9b00000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
263960c.12a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
264060c.12a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
264160c.12a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
264260c.12a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
264360c.12a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
264460c.12a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
264560c.12a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
264660c.12a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
264760c.12a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
264860c.12a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
264960c.12a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
265060c.12a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
265160c.12a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b81da51:<flags> [calling]
265260c.12a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
265360c.12a4: supR3HardenedDllNotificationCallback: load 000007fef95e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
265460c.12a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
265560c.12a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef95e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
265660c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
265760c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efd9b1:<flags> [calling]
265860c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
265960c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef95a0000 'C:\Windows\system32/Iphlpapi.dll'
266060c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e04 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
266160c.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
266260c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
266360c.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A719769A21133C3F89F7BEA09AB706365F35DF8F
266460c.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_26_for_KB2763523~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
266560c.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
266660c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
266760c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
266860c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
266960c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust
267060c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
267160c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
267260c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
267360c.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
267460c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
267560c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
267660c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
267760c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
267860c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efe5b1:<flags> [calling]
267960c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
268060c.d34: supR3HardenedDllNotificationCallback: load 000007fefa040000 LB 0x00011000 C:\Windows\system32\dhcpcsvc6.DLL [fFlags=0x0]
268160c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
268260c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa040000 'C:\Windows\system32\dhcpcsvc6.DLL'
268360c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
268460c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efe2d1:<flags> [calling]
268560c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef95a0000 'C:\Windows\system32\IPHLPAPI.DLL'
268660c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e28 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
268760c.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
268860c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
268960c.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756
269060c.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
269160c.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
269260c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
269360c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
269460c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
269560c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
269660c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll) WinVerifyTrust
269760c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
269860c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
269960c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
270060c.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
270160c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
270260c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
270360c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
270460c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
270560c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
270660c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
270760c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efe601:<flags> [calling]
270860c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
270960c.d34: supR3HardenedDllNotificationCallback: load 000007fefa0a0000 LB 0x00018000 C:\Windows\system32\dhcpcsvc.DLL [fFlags=0x0]
271060c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
271160c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa0a0000 'C:\Windows\system32\dhcpcsvc.DLL'
271260c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
271360c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efe261:<flags> [calling]
271460c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef95a0000 'C:\Windows\system32\IPHLPAPI.DLL'
271560c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e84 pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll
271660c.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
271760c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
271860c.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
271960c.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll'
272060c.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
272160c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
272260c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
272360c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
272460c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
272560c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
272660c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
272760c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust
272860c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll
272960c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
273060c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
273160c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e88 pwszName=\Device\HarddiskVolume3\Windows\System32\powrprof.dll
273260c.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
273360c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
273460c.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
273560c.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\powrprof.dll'
273660c.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
273760c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
273860c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
273960c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
274060c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll) WinVerifyTrust
274160c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
274260c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
274360c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
274460c.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
274560c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
274660c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
274760c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
274860c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
274960c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
275060c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
275160c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
275260c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
275360c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
275460c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
275560c.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
275660c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
275760c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
275860c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
275960c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
276060c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efdbd1:<flags> [calling]
276160c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
276260c.d34: supR3HardenedDllNotificationCallback: load 000007feebca0000 LB 0x00088000 C:\Windows\system32\dsound.dll [fFlags=0x0]
276360c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
276460c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\powrprof.dll
276560c.d34: supR3HardenedDllNotificationCallback: load 000007fefa930000 LB 0x0002c000 C:\Windows\system32\POWRPROF.dll [fFlags=0x0]
276660c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\powrprof.dll
276760c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
276860c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efcf41:<flags> [calling]
276960c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebca0000 'C:\Windows\system32\dsound.dll'
277060c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebca0000 'C:\Windows\system32/dsound.dll'
277160c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000eac pwszName=\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
277260c.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
277360c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
277460c.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
277560c.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll'
277660c.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
277760c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
277860c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
277960c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
278060c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
278160c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
278260c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
278360c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
278460c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
278560c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e90 pwszName=\Device\HarddiskVolume3\Windows\System32\propsys.dll
278660c.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
278760c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
278860c.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
278960c.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\propsys.dll'
279060c.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
279160c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
279260c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
279360c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
279460c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
279560c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
279660c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll) WinVerifyTrust
279760c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll
279860c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
279960c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
280060c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
280160c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
280260c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
280360c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
280460c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
280560c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
280660c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
280760c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
280860c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
280960c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
281060c.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
281160c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
281260c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
281360c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
281460c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
281560c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efd1a1:<flags> [calling]
281660c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
281760c.d34: supR3HardenedDllNotificationCallback: load 000007fefb190000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
281860c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
281960c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
282060c.d34: supR3HardenedDllNotificationCallback: load 000007fefb630000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
282160c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
282260c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd60000 'C:\Windows\system32\ADVAPI32.dll'
282360c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb190000 'C:\Windows\System32\MMDevApi.dll'
282460c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
282560c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efd4b1:<flags> [calling]
282660c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd280000 'C:\Windows\system32\ole32.dll'
282760c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
282860c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efd4b1:<flags> [calling]
282960c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'C:\Windows\system32\SETUPAPI.dll'
283060c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
283160c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efe321:<flags> [calling]
283260c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdce0000 'C:\Windows\system32\SHLWAPI.dll'
283360c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
283460c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efe541:<flags> [calling]
283560c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb190000 'C:\Windows\system32\MMDEVAPI.DLL'
283660c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd280000 'C:\Windows\system32\ole32.dll'
283760c.b28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
283860c.b28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000faff9a1:<flags> [calling]
283960c.b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\CFGMGR32.dll'
284060c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
284160c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efe171:<flags> [calling]
284260c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ac0000 'C:\Windows\system32\winmm.dll'
284360c.d34: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000005efdfd1:<flags> [calling]
284460c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd770000 'API-MS-WIN-Service-Management-L1-1-0.dll'
284560c.d34: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000005efdfd1:<flags> [calling]
284660c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd770000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
284760c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2c0000 'C:\Windows\system32\RPCRT4.dll'
284860c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
284960c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efe031:<flags> [calling]
285060c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb190000 'C:\Windows\system32\MMDevAPI.DLL'
285160c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ee8 pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv
285260c.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
285360c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
285460c.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
285560c.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv'
285660c.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
285760c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
285860c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
285960c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
286060c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
286160c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
286260c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
286360c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
286460c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
286560c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust
286660c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
286760c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
286860c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
286960c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ed4 pwszName=\Device\HarddiskVolume3\Windows\System32\avrt.dll
287060c.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
287160c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
287260c.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
287360c.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\avrt.dll'
287460c.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
287560c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust
287660c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll
287760c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
287860c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
287960c.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
288060c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
288160c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
288260c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f08 pwszName=\Device\HarddiskVolume3\Windows\System32\ksuser.dll
288360c.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
288460c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
288560c.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D99CFB3BFCA1F454FC7109DB98D18923ABBA361
288660c.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3110329~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\ksuser.dll'
288760c.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
288860c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
288960c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust
289060c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll
289160c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
289260c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
289360c.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
289460c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
289560c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
289660c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
289760c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
289860c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
289960c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
290060c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
290160c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
290260c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
290360c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
290460c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efdba1:<flags> [calling]
290560c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
290660c.d34: supR3HardenedDllNotificationCallback: load 000007feeb360000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
290760c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
290860c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
290960c.d34: supR3HardenedDllNotificationCallback: load 0000000074af0000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
291060c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
291160c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
291260c.d34: supR3HardenedDllNotificationCallback: load 000007fefa8c0000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
291360c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
291460c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb360000 'C:\Windows\system32\wdmaud.drv'
291560c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
291660c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efdba1:<flags> [calling]
291760c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb360000 'C:\Windows\system32\wdmaud.drv'
291860c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
291960c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efdd51:<flags> [calling]
292060c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb360000 'C:\Windows\system32\wdmaud.drv'
292160c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
292260c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efdd51:<flags> [calling]
292360c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb360000 'C:\Windows\system32\wdmaud.drv'
292460c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
292560c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efdd51:<flags> [calling]
292660c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb360000 'C:\Windows\system32\wdmaud.drv'
292760c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f00 pwszName=\Device\HarddiskVolume3\Windows\System32\AudioSes.dll
292860c.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
292960c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
293060c.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFCA643693E82633EB61E3B838F7FBA097082A81
293160c.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_114_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\AudioSes.dll'
293260c.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
293360c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
293460c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
293560c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
293660c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
293760c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
293860c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
293960c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
294060c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
294160c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
294260c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
294360c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
294460c.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
294560c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
294660c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
294760c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
294860c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
294960c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
295060c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
295160c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
295260c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
295360c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
295460c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
295560c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
295660c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
295760c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efdd61:<flags> [calling]
295860c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
295960c.d34: supR3HardenedDllNotificationCallback: load 000007fef9810000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
296060c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
296160c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9810000 'C:\Windows\system32\AUDIOSES.DLL'
296260c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
296360c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efdd51:<flags> [calling]
296460c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb360000 'C:\Windows\system32\wdmaud.drv'
296560c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
296660c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efdd51:<flags> [calling]
296760c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb360000 'C:\Windows\system32\wdmaud.drv'
296860c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb360000 'C:\Windows\system32\wdmaud.drv'
296960c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb360000 'C:\Windows\system32\wdmaud.drv'
297060c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb360000 'C:\Windows\system32\wdmaud.drv'
297160c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb360000 'C:\Windows\system32\wdmaud.drv'
297260c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f2c pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
297360c.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
297460c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
297560c.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
297660c.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
297760c.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
297860c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
297960c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
298060c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
298160c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
298260c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
298360c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
298460c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
298560c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
298660c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
298760c.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
298860c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
298960c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
299060c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f3c pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.dll
299160c.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
299260c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
299360c.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
299460c.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.dll'
299560c.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
299660c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
299760c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
299860c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
299960c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
300060c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
300160c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
300260c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
300360c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
300460c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
300560c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
300660c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
300760c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
300860c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
300960c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
301060c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
301160c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
301260c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
301360c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
301460c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
301560c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
301660c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
301760c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
301860c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
301960c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efdb51:<flags> [calling]
302060c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
302160c.d34: supR3HardenedDllNotificationCallback: load 000007feeb350000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
302260c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
302360c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
302460c.d34: supR3HardenedDllNotificationCallback: load 000007feeb330000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
302560c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
302660c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb350000 'C:\Windows\system32\msacm32.drv'
302760c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
302860c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efd551:<flags> [calling]
302960c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb350000 'C:\Windows\system32\msacm32.drv'
303060c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
303160c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efd551:<flags> [calling]
303260c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb350000 'C:\Windows\system32\msacm32.drv'
303360c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
303460c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efd551:<flags> [calling]
303560c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb350000 'C:\Windows\system32\msacm32.drv'
303660c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
303760c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efd551:<flags> [calling]
303860c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb350000 'C:\Windows\system32\msacm32.drv'
303960c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
304060c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efd551:<flags> [calling]
304160c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb350000 'C:\Windows\system32\msacm32.drv'
304260c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
304360c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efd551:<flags> [calling]
304460c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb350000 'C:\Windows\system32\msacm32.drv'
304560c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb350000 'C:\Windows\system32\msacm32.drv'
304660c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb350000 'C:\Windows\system32\msacm32.drv'
304760c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb350000 'C:\Windows\system32\msacm32.drv'
304860c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f34 pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
304960c.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
305060c.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
305160c.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
305260c.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
305360c.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
305460c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
305560c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
305660c.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
305760c.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
305860c.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
305960c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
306060c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
306160c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
306260c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
306360c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
306460c.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
306560c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efdb51:<flags> [calling]
306660c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
306760c.d34: supR3HardenedDllNotificationCallback: load 000007feeb320000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
306860c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
306960c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb320000 'C:\Windows\system32\midimap.dll'
307060c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
307160c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efd521:<flags> [calling]
307260c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb320000 'C:\Windows\system32\midimap.dll'
307360c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
307460c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efd521:<flags> [calling]
307560c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb320000 'C:\Windows\system32\midimap.dll'
307660c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
307760c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efdb51:<flags> [calling]
307860c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb320000 'C:\Windows\system32\midimap.dll'
307960c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ac0000 'C:\Windows\system32\winmm.dll'
308060c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ac0000 'C:\Windows\system32\winmm.dll'
308160c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ac0000 'C:\Windows\system32\winmm.dll'
308260c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd280000 'C:\Windows\system32\ole32.dll'
308360c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ac0000 'C:\Windows\system32\winmm.dll'
308460c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
308560c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efe171:<flags> [calling]
308660c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ac0000 'C:\Windows\system32\winmm.dll'
308760c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ac0000 'C:\Windows\system32\winmm.dll'
308860c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ac0000 'C:\Windows\system32\winmm.dll'
308960c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ac0000 'C:\Windows\system32\winmm.dll'
309060c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ac0000 'C:\Windows\system32\winmm.dll'
309160c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ac0000 'C:\Windows\system32\winmm.dll'
309260c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ac0000 'C:\Windows\system32\winmm.dll'
309360c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
309460c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efd641:<flags> [calling]
309560c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebca0000 'C:\Windows\System32\dsound.dll'
309660c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ac0000 'C:\Windows\system32\winmm.dll'
309760c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ac0000 'C:\Windows\system32\winmm.dll'
309860c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ac0000 'C:\Windows\system32\winmm.dll'
309960c.ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
310060c.ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000ad5dc61:<flags> [calling]
310160c.ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9810000 'C:\Windows\System32\audioses.dll'
310260c.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
310360c.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005efe091:<flags> [calling]
310460c.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
310560c.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ec0000 'C:\Windows\system32/kernel32.dll'
310660c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'C:\Windows\system32\OLEAUT32.DLL'
310760c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
310860c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9a21:<flags> [calling]
310960c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebd0000 'C:\Windows\system32\msctf.dll'
311060c.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
311160c.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c99c1:<flags> [calling]
311260c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebd0000 'C:\Windows\system32\msctf.dll'
311360c.fac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000109c pwszName=\Device\HarddiskVolume3\Windows\System32\mswsock.dll
311460c.fac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
311560c.fac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
311660c.fac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
311760c.fac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000011c7cc21:<flags> [calling]
311860c.fac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1d0000 'C:\Windows\system32\WINTRUST.DLL'
311960c.fac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
312060c.fac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000011c7ca51:<flags> [calling]
312160c.fac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf40000 'C:\Windows\system32\CRYPT32.dll'
312260c.fac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8E5754748E0E000AB425BF2AEB177780FB43945
312360c.fac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef73d0000 'C:\Windows\system32\cryptnet.dll'
312460c.fac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2888049~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\mswsock.dll'
312560c.fac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
312660c.fac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
312760c.fac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
312860c.fac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
312960c.fac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
313060c.fac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mswsock.dll) WinVerifyTrust
313160c.fac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mswsock.dll
313260c.fac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
313360c.fac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
313460c.fac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
313560c.fac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
313660c.fac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
313760c.fac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
313860c.fac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
313960c.fac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
314060c.fac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000011c7ee81:<flags> [calling]
314160c.fac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
314260c.fac: supR3HardenedDllNotificationCallback: load 000007fefc640000 LB 0x00055000 C:\Windows\system32\mswsock.dll [fFlags=0x0]
314360c.fac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
314460c.fac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc640000 'C:\Windows\system32\mswsock.dll'
314560c.fac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010e0 pwszName=\Device\HarddiskVolume3\Windows\System32\WSHTCPIP.DLL
314660c.fac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008273a0
314760c.fac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008273a0
314860c.fac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EFFE58BB9FD8A94FD1609B7F82A43C8E09D98AA
314960c.fac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\WSHTCPIP.DLL'
315060c.fac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
315160c.fac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ws2_32.dll'.
315260c.fac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WSHTCPIP.DLL) WinVerifyTrust
315360c.fac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WSHTCPIP.DLL
315460c.fac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
315560c.fac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
315660c.fac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wshtcpip.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000011c7f021:<flags> [calling]
315760c.fac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WSHTCPIP.DLL
315860c.fac: supR3HardenedDllNotificationCallback: load 000007fefc020000 LB 0x00007000 C:\Windows\System32\wshtcpip.dll [fFlags=0x0]
315960c.fac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WSHTCPIP.DLL
316060c.fac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc020000 'C:\Windows\System32\wshtcpip.dll'
316160c.1598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
316260c.1598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000505fb31:<flags> [calling]
316360c.1598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa8c0000 'C:\Windows\system32\avrt.dll'
316460c.12a4: supR3HardenedDllNotificationCallback: Unload 000007fef95e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
316560c.ce4: supR3HardenedDllNotificationCallback: Unload 000007fef9650000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
316660c.17c8: supR3HardenedDllNotificationCallback: Unload 000007fef9660000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
316760c.158c: supR3HardenedDllNotificationCallback: Unload 000007fef9670000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
316860c.a24: supR3HardenedDllNotificationCallback: Unload 000007fefa5d0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy