VirtualBox

Ticket #14121: VBoxStartup.log

File VBoxStartup.log, 269.4 KB (added by clearth, 9 years ago)
Line 
1d04.af8: Log file opened: 4.3.28r100309 g_hStartupLog=0000000000000010 g_uNtVerCombined=0x6223f000
2d04.af8: \SystemRoot\System32\ntdll.dll:
3d04.af8: CreationTime: 2015-05-15T13:42:18.487513700Z
4d04.af8: LastWriteTime: 2015-03-17T06:52:42.469622000Z
5d04.af8: ChangeTime: 2015-05-15T13:51:14.518414800Z
6d04.af8: FileAttributes: 0x20
7d04.af8: Size: 0x1bcfe8
8d04.af8: NT Headers: 0xd8
9d04.af8: Timestamp: 0x5507a832
10d04.af8: Machine: 0x8664 - amd64
11d04.af8: Timestamp: 0x5507a832
12d04.af8: Image Version: 6.2
13d04.af8: SizeOfImage: 0x1bd000 (1822720)
14d04.af8: Resource Dir: 0x15b000 LB 0x60f30
15d04.af8: ProductName: Microsoft® Windows® Operating System
16d04.af8: ProductVersion: 6.2.9200.17313
17d04.af8: FileVersion: 6.2.9200.17313 (win8_gdr.150316-1542)
18d04.af8: FileDescription: NT Layer DLL
19d04.af8: \SystemRoot\System32\kernel32.dll:
20d04.af8: CreationTime: 2014-06-28T12:46:02.794442500Z
21d04.af8: LastWriteTime: 2014-03-01T09:47:38.756000000Z
22d04.af8: ChangeTime: 2014-06-28T12:50:03.293889000Z
23d04.af8: FileAttributes: 0x20
24d04.af8: Size: 0x133400
25d04.af8: NT Headers: 0xf8
26d04.af8: Timestamp: 0x53118dd3
27d04.af8: Machine: 0x8664 - amd64
28d04.af8: Timestamp: 0x53118dd3
29d04.af8: Image Version: 6.2
30d04.af8: SizeOfImage: 0x137000 (1273856)
31d04.af8: Resource Dir: 0x12a000 LB 0x518
32d04.af8: ProductName: Microsoft® Windows® Operating System
33d04.af8: ProductVersion: 6.2.9200.16859
34d04.af8: FileVersion: 6.2.9200.16859 (win8_gdr.140228-1809)
35d04.af8: FileDescription: Windows NT BASE API Client DLL
36d04.af8: \SystemRoot\System32\KernelBase.dll:
37d04.af8: CreationTime: 2014-06-28T12:44:36.100274200Z
38d04.af8: LastWriteTime: 2014-03-11T00:38:31.127000000Z
39d04.af8: ChangeTime: 2014-06-28T12:50:03.262636500Z
40d04.af8: FileAttributes: 0x20
41d04.af8: Size: 0xefc00
42d04.af8: NT Headers: 0xf0
43d04.af8: Timestamp: 0x531d34d8
44d04.af8: Machine: 0x8664 - amd64
45d04.af8: Timestamp: 0x531d34d8
46d04.af8: Image Version: 6.2
47d04.af8: SizeOfImage: 0xf4000 (999424)
48d04.af8: Resource Dir: 0xef000 LB 0x3390
49d04.af8: ProductName: Microsoft® Windows® Operating System
50d04.af8: ProductVersion: 6.2.9200.16864
51d04.af8: FileVersion: 6.2.9200.16864 (win8_gdr.140309-1509)
52d04.af8: FileDescription: Windows NT BASE API Client DLL
53d04.af8: \SystemRoot\System32\apisetschema.dll:
54d04.af8: CreationTime: 2012-07-26T03:03:15.602092000Z
55d04.af8: LastWriteTime: 2012-07-26T04:55:14.433670100Z
56d04.af8: ChangeTime: 2013-12-19T15:56:36.294564400Z
57d04.af8: FileAttributes: 0x20
58d04.af8: Size: 0xb4f0
59d04.af8: NT Headers: 0xc0
60d04.af8: Timestamp: 0x5010b373
61d04.af8: Machine: 0x8664 - amd64
62d04.af8: Timestamp: 0x5010b373
63d04.af8: Image Version: 6.2
64d04.af8: SizeOfImage: 0xd000 (53248)
65d04.af8: Resource Dir: 0xb000 LB 0x3f0
66d04.af8: ProductName: Microsoft® Windows® Operating System
67d04.af8: ProductVersion: 6.2.9200.16384
68d04.af8: FileVersion: 6.2.9200.16384 (win8_rtm.120725-1247)
69d04.af8: FileDescription: ApiSet Schema DLL
70d04.af8: supR3HardenedWinFindAdversaries: 0x0
71d04.af8: Calling main()
72d04.af8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
73d04.af8: SUPR3HardenedMain: Respawn #1
74d04.af8: System32: \Device\HarddiskVolume3\Windows\System32
75d04.af8: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
76d04.af8: KnownDllPath: C:\Windows\system32
77d04.af8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
78d04.af8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
79d04.af8: supR3HardNtEnableThreadCreation:
80d04.af8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000007fefe670058 pvNtTerminateThread=000007fefe643090
81d04.af8: supR3HardenedWinDoReSpawn(1): New child ea8.e40 [kernel32].
82d04.af8: supR3HardNtChildGatherData: PebBaseAddress=000007f6f0ca9000 cbPeb=0x388
83d04.af8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=000007fefe640000 uNtDllChildAddr=000007fefe640000
84d04.af8: supR3HardenedWinSetupChildInit: uLdrInitThunk=000007fefe670058
85d04.af8: supR3HardenedWinSetupChildInit: Start child.
86d04.af8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
87d04.af8: supR3HardNtChildPurify: Startup delay kludge #1/0: 261 ms, 29 sleeps
88d04.af8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
89d04.af8: *0000000000000000-ffffffffff5fffff 0x0001/0x0000 0x0000000
90d04.af8: *0000000000a00000-00000000009dffff 0x0004/0x0004 0x0020000
91d04.af8: *0000000000a20000-0000000000a16fff 0x0002/0x0002 0x0040000
92d04.af8: 0000000000a29000-0000000000a21fff 0x0001/0x0000 0x0000000
93d04.af8: *0000000000a30000-0000000000933fff 0x0000/0x0004 0x0020000
94d04.af8: 0000000000b2c000-0000000000b28fff 0x0104/0x0004 0x0020000
95d04.af8: 0000000000b2f000-0000000000b2dfff 0x0004/0x0004 0x0020000
96d04.af8: *0000000000b30000-0000000000b2bfff 0x0002/0x0002 0x0040000
97d04.af8: 0000000000b34000-0000000000b27fff 0x0001/0x0000 0x0000000
98d04.af8: *0000000000b40000-0000000000b3dfff 0x0004/0x0004 0x0020000
99d04.af8: 0000000000b42000-ffffffff816a3fff 0x0001/0x0000 0x0000000
100d04.af8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
101d04.af8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
102d04.af8: 000000007fff0000-fffff80a0f35ffff 0x0001/0x0000 0x0000000
103d04.af8: *000007f6f0c80000-000007f6f0c5cfff 0x0002/0x0002 0x0040000
104d04.af8: 000007f6f0ca3000-000007f6f0c9cfff 0x0001/0x0000 0x0000000
105d04.af8: *000007f6f0ca9000-000007f6f0ca7fff 0x0004/0x0004 0x0020000
106d04.af8: 000007f6f0caa000-000007f6f0ca5fff 0x0001/0x0000 0x0000000
107d04.af8: *000007f6f0cae000-000007f6f0cabfff 0x0004/0x0004 0x0020000
108d04.af8: 000007f6f0cb0000-000007f6efddffff 0x0001/0x0000 0x0000000
109d04.af8: *000007f6f1b80000-000007f6f1b80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
110d04.af8: 000007f6f1b81000-000007f6f1c05fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
111d04.af8: 000007f6f1c06000-000007f6f1c06fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
112d04.af8: 000007f6f1c07000-000007f6f1c44fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
113d04.af8: 000007f6f1c45000-000007f6f1c45fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
114d04.af8: 000007f6f1c46000-000007f6f1c46fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
115d04.af8: 000007f6f1c47000-000007f6f1c48fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
116d04.af8: 000007f6f1c49000-000007f6f1c49fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
117d04.af8: 000007f6f1c4a000-000007f6f1c4afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
118d04.af8: 000007f6f1c4b000-000007f6f1c4efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
119d04.af8: 000007f6f1c4f000-000007f6f1c87fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
120d04.af8: 000007f6f1c88000-000007eee52cffff 0x0001/0x0000 0x0000000
121d04.af8: *000007fefe640000-000007fefe640fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
122d04.af8: 000007fefe641000-000007fefe775fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
123d04.af8: 000007fefe776000-000007fefe77bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
124d04.af8: 000007fefe77c000-000007fefe77cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
125d04.af8: 000007fefe77d000-000007fefe781fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
126d04.af8: 000007fefe782000-000007fefe796fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
127d04.af8: 000007fefe797000-000007fefe797fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
128d04.af8: 000007fefe798000-000007fefe7fcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
129d04.af8: 000007fefe7fd000-000007fdfd019fff 0x0001/0x0000 0x0000000
130d04.af8: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
131d04.af8: VirtualBox.exe: timestamp 0x555369a5 (rc=VINF_SUCCESS)
132d04.af8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
133d04.af8: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
134d04.af8: supR3HardNtChildPurify: Done after 356 ms and 0 fixes (loop #0).
135ea8.e40: Log file opened: 4.3.28r100309 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x6223f000
136ea8.e40: supR3HardenedVmProcessInit: uNtDllAddr=000007fefe640000
137ea8.e40: ntdll.dll: timestamp 0x5507a832 (rc=VINF_SUCCESS)
138ea8.e40: New simple heap: #1 0000000000c50000 LB 0x400000 (for 1822720 allocation)
139d04.af8: supR3HardNtEnableThreadCreation:
140ea8.e40: System32: \Device\HarddiskVolume3\Windows\System32
141ea8.e40: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
142ea8.e40: KnownDllPath: C:\Windows\system32
143ea8.e40: supR3HardenedVmProcessInit: Opening vboxdrv stub...
144ea8.e40: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
145ea8.e40: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
146ea8.e40: Registered Dll notification callback with NTDLL.
147ea8.e40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
148ea8.e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
149ea8.e40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
150ea8.e40: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
151ea8.e40: supR3HardenedDllNotificationCallback: load 000007fefb6b0000 LB 0x000f4000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
152ea8.e40: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
153ea8.e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
154ea8.e40: supR3HardenedDllNotificationCallback: load 000007fefbfe0000 LB 0x00137000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
155ea8.e40: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
156ea8.e40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfe0000 'C:\Windows\system32\KERNEL32.DLL'
157ea8.e40: supR3HardenedDllNotificationCallback: load 000007f6f1b80000 LB 0x00108000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
158ea8.e40: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
159ea8.e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
160ea8.e40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
161ea8.e40: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000007fefe670058 pvNtTerminateThread=000007fefe643090
162d04.af8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 121 ms.
163ea8.e40: \SystemRoot\System32\ntdll.dll:
164ea8.e40: CreationTime: 2015-05-15T13:42:18.487513700Z
165ea8.e40: LastWriteTime: 2015-03-17T06:52:42.469622000Z
166ea8.e40: ChangeTime: 2015-05-15T13:51:14.518414800Z
167ea8.e40: FileAttributes: 0x20
168ea8.e40: Size: 0x1bcfe8
169ea8.e40: NT Headers: 0xd8
170ea8.e40: Timestamp: 0x5507a832
171ea8.e40: Machine: 0x8664 - amd64
172ea8.e40: Timestamp: 0x5507a832
173ea8.e40: Image Version: 6.2
174ea8.e40: SizeOfImage: 0x1bd000 (1822720)
175ea8.e40: Resource Dir: 0x15b000 LB 0x60f30
176ea8.e40: ProductName: Microsoft® Windows® Operating System
177ea8.e40: ProductVersion: 6.2.9200.17313
178ea8.e40: FileVersion: 6.2.9200.17313 (win8_gdr.150316-1542)
179ea8.e40: FileDescription: NT Layer DLL
180ea8.e40: \SystemRoot\System32\kernel32.dll:
181ea8.e40: CreationTime: 2014-06-28T12:46:02.794442500Z
182ea8.e40: LastWriteTime: 2014-03-01T09:47:38.756000000Z
183ea8.e40: ChangeTime: 2014-06-28T12:50:03.293889000Z
184ea8.e40: FileAttributes: 0x20
185ea8.e40: Size: 0x133400
186ea8.e40: NT Headers: 0xf8
187ea8.e40: Timestamp: 0x53118dd3
188ea8.e40: Machine: 0x8664 - amd64
189ea8.e40: Timestamp: 0x53118dd3
190ea8.e40: Image Version: 6.2
191ea8.e40: SizeOfImage: 0x137000 (1273856)
192ea8.e40: Resource Dir: 0x12a000 LB 0x518
193ea8.e40: ProductName: Microsoft® Windows® Operating System
194ea8.e40: ProductVersion: 6.2.9200.16859
195ea8.e40: FileVersion: 6.2.9200.16859 (win8_gdr.140228-1809)
196ea8.e40: FileDescription: Windows NT BASE API Client DLL
197ea8.e40: \SystemRoot\System32\KernelBase.dll:
198ea8.e40: CreationTime: 2014-06-28T12:44:36.100274200Z
199ea8.e40: LastWriteTime: 2014-03-11T00:38:31.127000000Z
200ea8.e40: ChangeTime: 2014-06-28T12:50:03.262636500Z
201ea8.e40: FileAttributes: 0x20
202ea8.e40: Size: 0xefc00
203ea8.e40: NT Headers: 0xf0
204ea8.e40: Timestamp: 0x531d34d8
205ea8.e40: Machine: 0x8664 - amd64
206ea8.e40: Timestamp: 0x531d34d8
207ea8.e40: Image Version: 6.2
208ea8.e40: SizeOfImage: 0xf4000 (999424)
209ea8.e40: Resource Dir: 0xef000 LB 0x3390
210ea8.e40: ProductName: Microsoft® Windows® Operating System
211ea8.e40: ProductVersion: 6.2.9200.16864
212ea8.e40: FileVersion: 6.2.9200.16864 (win8_gdr.140309-1509)
213ea8.e40: FileDescription: Windows NT BASE API Client DLL
214ea8.e40: \SystemRoot\System32\apisetschema.dll:
215ea8.e40: CreationTime: 2012-07-26T03:03:15.602092000Z
216ea8.e40: LastWriteTime: 2012-07-26T04:55:14.433670100Z
217ea8.e40: ChangeTime: 2013-12-19T15:56:36.294564400Z
218ea8.e40: FileAttributes: 0x20
219ea8.e40: Size: 0xb4f0
220ea8.e40: NT Headers: 0xc0
221ea8.e40: Timestamp: 0x5010b373
222ea8.e40: Machine: 0x8664 - amd64
223ea8.e40: Timestamp: 0x5010b373
224ea8.e40: Image Version: 6.2
225ea8.e40: SizeOfImage: 0xd000 (53248)
226ea8.e40: Resource Dir: 0xb000 LB 0x3f0
227ea8.e40: ProductName: Microsoft® Windows® Operating System
228ea8.e40: ProductVersion: 6.2.9200.16384
229ea8.e40: FileVersion: 6.2.9200.16384 (win8_rtm.120725-1247)
230ea8.e40: FileDescription: ApiSet Schema DLL
231ea8.e40: supR3HardenedWinFindAdversaries: 0x0
232ea8.e40: Calling main()
233ea8.e40: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
234ea8.e40: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
235ea8.e40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
236ea8.e40: SUPR3HardenedMain: Respawn #2
237ea8.e40: supR3HardNtEnableThreadCreation:
238ea8.e40: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000007fefe670058 pvNtTerminateThread=000007fefe643090
239ea8.e40: supR3HardenedWinDoReSpawn(2): New child cd8.a08 [kernel32].
240ea8.e40: supR3HardNtChildGatherData: PebBaseAddress=000007f6f1586000 cbPeb=0x388
241ea8.e40: supR3HardNtPuChFindNtdll: uNtDllParentAddr=000007fefe640000 uNtDllChildAddr=000007fefe640000
242ea8.e40: supR3HardenedWinSetupChildInit: uLdrInitThunk=000007fefe670058
243ea8.e40: supR3HardenedWinSetupChildInit: Start child.
244ea8.e40: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
245ea8.e40: supR3HardNtChildPurify: Startup delay kludge #1/0: 261 ms, 29 sleeps
246ea8.e40: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
247ea8.e40: *0000000000000000-ffffffffff23ffff 0x0001/0x0000 0x0000000
248ea8.e40: *0000000000dc0000-0000000000d9ffff 0x0004/0x0004 0x0020000
249ea8.e40: *0000000000de0000-0000000000dd6fff 0x0002/0x0002 0x0040000
250ea8.e40: 0000000000de9000-0000000000de1fff 0x0001/0x0000 0x0000000
251ea8.e40: *0000000000df0000-0000000000cf3fff 0x0000/0x0004 0x0020000
252ea8.e40: 0000000000eec000-0000000000ee8fff 0x0104/0x0004 0x0020000
253ea8.e40: 0000000000eef000-0000000000eedfff 0x0004/0x0004 0x0020000
254ea8.e40: *0000000000ef0000-0000000000eebfff 0x0002/0x0002 0x0040000
255ea8.e40: 0000000000ef4000-0000000000ee7fff 0x0001/0x0000 0x0000000
256ea8.e40: *0000000000f00000-0000000000efdfff 0x0004/0x0004 0x0020000
257ea8.e40: 0000000000f02000-ffffffff81e23fff 0x0001/0x0000 0x0000000
258ea8.e40: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
259ea8.e40: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
260ea8.e40: 000000007fff0000-fffff80a0ea7ffff 0x0001/0x0000 0x0000000
261ea8.e40: *000007f6f1560000-000007f6f153cfff 0x0002/0x0002 0x0040000
262ea8.e40: 000007f6f1583000-000007f6f157ffff 0x0001/0x0000 0x0000000
263ea8.e40: *000007f6f1586000-000007f6f1584fff 0x0004/0x0004 0x0020000
264ea8.e40: 000007f6f1587000-000007f6f157ffff 0x0001/0x0000 0x0000000
265ea8.e40: *000007f6f158e000-000007f6f158bfff 0x0004/0x0004 0x0020000
266ea8.e40: 000007f6f1590000-000007f6f0f9ffff 0x0001/0x0000 0x0000000
267ea8.e40: *000007f6f1b80000-000007f6f1b80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
268ea8.e40: 000007f6f1b81000-000007f6f1c05fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
269ea8.e40: 000007f6f1c06000-000007f6f1c06fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
270ea8.e40: 000007f6f1c07000-000007f6f1c44fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
271ea8.e40: 000007f6f1c45000-000007f6f1c45fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
272ea8.e40: 000007f6f1c46000-000007f6f1c46fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
273ea8.e40: 000007f6f1c47000-000007f6f1c48fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
274ea8.e40: 000007f6f1c49000-000007f6f1c49fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
275ea8.e40: 000007f6f1c4a000-000007f6f1c4afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
276ea8.e40: 000007f6f1c4b000-000007f6f1c4efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
277ea8.e40: 000007f6f1c4f000-000007f6f1c87fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
278ea8.e40: 000007f6f1c88000-000007eee52cffff 0x0001/0x0000 0x0000000
279ea8.e40: *000007fefe640000-000007fefe640fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
280ea8.e40: 000007fefe641000-000007fefe775fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
281ea8.e40: 000007fefe776000-000007fefe77bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
282ea8.e40: 000007fefe77c000-000007fefe77cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
283ea8.e40: 000007fefe77d000-000007fefe781fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
284ea8.e40: 000007fefe782000-000007fefe796fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
285ea8.e40: 000007fefe797000-000007fefe797fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
286ea8.e40: 000007fefe798000-000007fefe7fcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
287ea8.e40: 000007fefe7fd000-000007fdfd019fff 0x0001/0x0000 0x0000000
288ea8.e40: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
289ea8.e40: VirtualBox.exe: timestamp 0x555369a5 (rc=VINF_SUCCESS)
290ea8.e40: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
291ea8.e40: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
292ea8.e40: supR3HardNtChildPurify: Done after 333 ms and 0 fixes (loop #0).
293cd8.a08: Log file opened: 4.3.28r100309 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x6223f000
294cd8.a08: supR3HardenedVmProcessInit: uNtDllAddr=000007fefe640000
295cd8.a08: ntdll.dll: timestamp 0x5507a832 (rc=VINF_SUCCESS)
296cd8.a08: New simple heap: #1 0000000001010000 LB 0x400000 (for 1822720 allocation)
297ea8.e40: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000c50000 LB 0x400000)
298ea8.e40: supR3HardNtEnableThreadCreation:
299cd8.a08: System32: \Device\HarddiskVolume3\Windows\System32
300cd8.a08: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
301cd8.a08: KnownDllPath: C:\Windows\system32
302cd8.a08: supR3HardenedVmProcessInit: Opening vboxdrv...
303cd8.a08: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
304cd8.a08: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
305cd8.a08: Registered Dll notification callback with NTDLL.
306cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
307cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
308cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
309cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
310cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefb6b0000 LB 0x000f4000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
311cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
312cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
313cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefbfe0000 LB 0x00137000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
314cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
315cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfe0000 'C:\Windows\system32\KERNEL32.DLL'
316cd8.a08: supR3HardenedDllNotificationCallback: load 000007f6f1b80000 LB 0x00108000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
317cd8.a08: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
318cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
319cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
320cd8.a08: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000007fefe670058 pvNtTerminateThread=000007fefe643090
321ea8.e40: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 81 ms.
322cd8.a08: \SystemRoot\System32\ntdll.dll:
323cd8.a08: CreationTime: 2015-05-15T13:42:18.487513700Z
324cd8.a08: LastWriteTime: 2015-03-17T06:52:42.469622000Z
325cd8.a08: ChangeTime: 2015-05-15T13:51:14.518414800Z
326cd8.a08: FileAttributes: 0x20
327cd8.a08: Size: 0x1bcfe8
328cd8.a08: NT Headers: 0xd8
329cd8.a08: Timestamp: 0x5507a832
330cd8.a08: Machine: 0x8664 - amd64
331cd8.a08: Timestamp: 0x5507a832
332cd8.a08: Image Version: 6.2
333cd8.a08: SizeOfImage: 0x1bd000 (1822720)
334cd8.a08: Resource Dir: 0x15b000 LB 0x60f30
335cd8.a08: ProductName: Microsoft® Windows® Operating System
336cd8.a08: ProductVersion: 6.2.9200.17313
337cd8.a08: FileVersion: 6.2.9200.17313 (win8_gdr.150316-1542)
338cd8.a08: FileDescription: NT Layer DLL
339cd8.a08: \SystemRoot\System32\kernel32.dll:
340cd8.a08: CreationTime: 2014-06-28T12:46:02.794442500Z
341cd8.a08: LastWriteTime: 2014-03-01T09:47:38.756000000Z
342cd8.a08: ChangeTime: 2014-06-28T12:50:03.293889000Z
343cd8.a08: FileAttributes: 0x20
344cd8.a08: Size: 0x133400
345cd8.a08: NT Headers: 0xf8
346cd8.a08: Timestamp: 0x53118dd3
347cd8.a08: Machine: 0x8664 - amd64
348cd8.a08: Timestamp: 0x53118dd3
349cd8.a08: Image Version: 6.2
350cd8.a08: SizeOfImage: 0x137000 (1273856)
351cd8.a08: Resource Dir: 0x12a000 LB 0x518
352cd8.a08: ProductName: Microsoft® Windows® Operating System
353cd8.a08: ProductVersion: 6.2.9200.16859
354cd8.a08: FileVersion: 6.2.9200.16859 (win8_gdr.140228-1809)
355cd8.a08: FileDescription: Windows NT BASE API Client DLL
356cd8.a08: \SystemRoot\System32\KernelBase.dll:
357cd8.a08: CreationTime: 2014-06-28T12:44:36.100274200Z
358cd8.a08: LastWriteTime: 2014-03-11T00:38:31.127000000Z
359cd8.a08: ChangeTime: 2014-06-28T12:50:03.262636500Z
360cd8.a08: FileAttributes: 0x20
361cd8.a08: Size: 0xefc00
362cd8.a08: NT Headers: 0xf0
363cd8.a08: Timestamp: 0x531d34d8
364cd8.a08: Machine: 0x8664 - amd64
365cd8.a08: Timestamp: 0x531d34d8
366cd8.a08: Image Version: 6.2
367cd8.a08: SizeOfImage: 0xf4000 (999424)
368cd8.a08: Resource Dir: 0xef000 LB 0x3390
369cd8.a08: ProductName: Microsoft® Windows® Operating System
370cd8.a08: ProductVersion: 6.2.9200.16864
371cd8.a08: FileVersion: 6.2.9200.16864 (win8_gdr.140309-1509)
372cd8.a08: FileDescription: Windows NT BASE API Client DLL
373cd8.a08: \SystemRoot\System32\apisetschema.dll:
374cd8.a08: CreationTime: 2012-07-26T03:03:15.602092000Z
375cd8.a08: LastWriteTime: 2012-07-26T04:55:14.433670100Z
376cd8.a08: ChangeTime: 2013-12-19T15:56:36.294564400Z
377cd8.a08: FileAttributes: 0x20
378cd8.a08: Size: 0xb4f0
379cd8.a08: NT Headers: 0xc0
380cd8.a08: Timestamp: 0x5010b373
381cd8.a08: Machine: 0x8664 - amd64
382cd8.a08: Timestamp: 0x5010b373
383cd8.a08: Image Version: 6.2
384cd8.a08: SizeOfImage: 0xd000 (53248)
385cd8.a08: Resource Dir: 0xb000 LB 0x3f0
386cd8.a08: ProductName: Microsoft® Windows® Operating System
387cd8.a08: ProductVersion: 6.2.9200.16384
388cd8.a08: FileVersion: 6.2.9200.16384 (win8_rtm.120725-1247)
389cd8.a08: FileDescription: ApiSet Schema DLL
390cd8.a08: supR3HardenedWinFindAdversaries: 0x0
391cd8.a08: Calling main()
392cd8.a08: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
393cd8.a08: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
394cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
395cd8.a08: SUPR3HardenedMain: Final process, opening VBoxDrv...
396cd8.a08: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001010000 LB 0x400000)
397cd8.a08: supR3HardNtEnableThreadCreation:
398cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
399cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
400cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
401cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
402cd8.a08: supR3HardenedDllNotificationCallback: load 000007fef4550000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
403cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
404cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
405cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
406cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4550000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
407cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
408cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
409cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4550000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
410cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4550000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
411cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
412cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'crypt32.dll'.
413cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'msasn1.dll'.
414cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
415cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
416cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
417cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
418cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
419cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
420cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
421cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
422cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
423cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
424cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
425cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
426cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
427cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
428cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'msasn1.dll'.
429cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
430cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
431cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
432cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
433cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
434cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
435cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
436cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
437cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
438cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
439cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
440cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
441cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
442cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
443cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefd7d0000 LB 0x000a5000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
444cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
445cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefb540000 LB 0x00016000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
446cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
447cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefb830000 LB 0x001d1000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
448cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
449cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefdee0000 LB 0x00145000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
450cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
451cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefb580000 LB 0x00055000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
452cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
453cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\system32\Wintrust.dll'
454cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
455cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
456cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
457cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
458cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefaf60000 LB 0x00025000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
459cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
460cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf60000 'C:\Windows\system32\bcrypt.dll'
461cd8.a08: bcrypt.dll loaded at 000007fefaf60000, BCryptOpenAlgorithmProvider at 000007fefaf61910, preloading providers:
462cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
463cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
464cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
465cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
466cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefb290000 LB 0x0005c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
467cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
468cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\bcryptprimitives.dll'
469cd8.a08: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000001435550)
470cd8.a08: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000001438a20)
471cd8.a08: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000001438b40)
472cd8.a08: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000001438c60)
473cd8.a08: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000001438d80)
474cd8.a08: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001439a30)
475cd8.a08: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000014397f0)
476cd8.a08: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000014395b0)
477cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
478cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
479cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\System32\WINTRUST.DLL'
480cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
481cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
482cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\System32\WINTRUST.DLL'
483cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
484cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
485cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\System32\WINTRUST.DLL'
486cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
487cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
488cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\System32\WINTRUST.DLL'
489cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
490cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
491cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\System32\WINTRUST.DLL'
492cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
493cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
494cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\System32\WINTRUST.DLL'
495cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
496cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\System32\WINTRUST.DLL'
497cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
498cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
499cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefad30000 LB 0x0001a000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
500cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
501cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
502cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
503cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
504cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
505cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefa9d0000 LB 0x0004b000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
506cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
507cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
508cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
509cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
510cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
511cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefb2f0000 LB 0x0000a000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
512cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
513cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
514cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
515cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
516cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
517cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
518cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfe0000 'C:\Windows\system32\kernel32.dll'
519cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
520cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\System32\WINTRUST.DLL'
521cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
522cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
523cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\CRYPT32.dll'
524cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefbfc0000 LB 0x00014000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
525cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
526cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
527cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
528cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
529cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
530cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
531cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
532cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
533cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
534cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'bcrypt.dll'.
535cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ntasn1.dll'.
536cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ncrypt.dll)
537cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ncrypt.dll
538cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ntasn1.dll)
539cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntasn1.dll
540cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefaeb0000 LB 0x00035000 C:\Windows\SYSTEM32\NTASN1.dll [fFlags=0x0]
541cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
542cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefaef0000 LB 0x00027000 C:\Windows\SYSTEM32\ncrypt.dll [fFlags=0x0]
543cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
544cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
545cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
546cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
547cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefdc60000 LB 0x00048000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
548cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
549cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
550cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
551cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
552cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
553cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefa750000 LB 0x0001f000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
554cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
555cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefb560000 LB 0x00015000 C:\Windows\system32\profapi.dll [fFlags=0x0]
556cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
557cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
558cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
559cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'crypt32.dll'.
560cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'wldap32.dll'.
561cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
562cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
563cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
564cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
565cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
566cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\Wldap32.dll)
567cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Wldap32.dll
568cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
569cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
570cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
571cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
572cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
573cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
574cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
575cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
576cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
577cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
578cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
579cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
580cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
581cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
582cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
583cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
584cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
585cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
586cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
587cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
588cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
589cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
590cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
591cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
592cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
593cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
594cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefdcb0000 LB 0x0005e000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
595cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
596cd8.a08: supR3HardenedDllNotificationCallback: load 000007fee5450000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
597cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
598cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
599cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
600cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5450000 'C:\Windows\system32\cryptnet.dll'
601cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
602cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
603cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5450000 'C:\Windows\system32\cryptnet.dll'
604cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
605cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
606cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5450000 'C:\Windows\system32\cryptnet.dll'
607cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
608cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
609cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5450000 'C:\Windows\system32\cryptnet.dll'
610cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
611cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
612cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5450000 'C:\Windows\system32\cryptnet.dll'
613cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
614cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
615cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5450000 'C:\Windows\system32\cryptnet.dll'
616cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
617cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5450000 'C:\Windows\system32\cryptnet.dll'
618cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
619cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5450000 'C:\Windows\system32\cryptnet.dll'
620cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
621cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5450000 'C:\Windows\system32\cryptnet.dll'
622cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
623cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5450000 'C:\Windows\system32\cryptnet.dll'
624cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
625cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5450000 'C:\Windows\system32\cryptnet.dll'
626cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5450000 'C:\Windows\system32\cryptnet.dll'
627cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
628cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5450000 'C:\Windows\System32\cryptnet.dll'
629cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
630cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
631cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
632cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
633cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
634cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
635cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
636cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000147cbe0
637cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
638cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=56386EDA40522F32E508D9538EA1D946E69747ED
639cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
640cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
641cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdee0000 'C:\Windows\system32\rpcrt4.dll'
642cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
643cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
644cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
645cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
646cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefc120000 LB 0x000de000 C:\Windows\SYSTEM32\advapi32.dll [fFlags=0x0]
647cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
648cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
649cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
650cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
651cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
652cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
653cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
654cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
655cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\System32\WINTRUST.DLL'
656cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
657cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\System32\WINTRUST.DLL'
658cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
659cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\System32\WINTRUST.DLL'
660cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
661cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\System32\WINTRUST.DLL'
662cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
663cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\System32\WINTRUST.DLL'
664cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
665cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
666cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\System32\WINTRUST.DLL'
667cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
668cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\System32\WINTRUST.DLL'
669cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
670cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
671cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
672cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
673cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
674cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
675cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_216_for_KB3045999~31bf3856ad364e35~amd64~~6.2.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
676cd8.a08: g_pfnWinVerifyTrust=000007fefb581150
677cd8.a08: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
678cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume3\Windows\System32\crypt32.dll
679cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
680cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
681cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=161B214025C96CCCF93A71783441616588487EAD
682cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
683cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
684cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
685cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
686cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
687cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
688cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_117_for_KB3004394~31bf3856ad364e35~amd64~~6.2.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
689cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
690cd8.a08: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
691cd8.a08: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
692cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000c8 pwszName=\Device\HarddiskVolume3\Windows\System32\wintrust.dll
693cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
694cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
695cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E6708D9ABB31971E5E608DD0A9948D618135FF96
696cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
697cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
698cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
699cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
700cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
701cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
702cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_40_for_KB2862966~31bf3856ad364e35~amd64~~6.2.1.2.cat'; file='\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
703cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
704cd8.a08: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
705cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000036c pwszName=\Device\HarddiskVolume3\Windows\System32\advapi32.dll
706cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
707cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
708cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F4D2ED4C4ACFC4FAA89A06DB3696E50927A3A4C2
709cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
710cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
711cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
712cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
713cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ServerCore-SKU-Foundation-Package-mergedcomponents~31bf3856ad364e35~amd64~~6.2.9200.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
714cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
715cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
716cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000350 pwszName=\Device\HarddiskVolume3\Windows\System32\Wldap32.dll
717cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
718cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
719cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FD0E4C4314A00E00DC1C9452A3B55BAF688CC10C
720cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
721cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
722cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
723cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-DS-Package~31bf3856ad364e35~amd64~~6.2.9200.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\Wldap32.dll'
724cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
725cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\Wldap32.dll'
726cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000034c pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
727cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
728cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
729cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7855F3D9361851A15FFD0DD0E9F5B44429F7E059
730cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
731cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
732cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
733cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_31_for_KB2813430~31bf3856ad364e35~amd64~~6.2.1.3.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
734cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
735cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
736cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000338 pwszName=\Device\HarddiskVolume3\Windows\System32\profapi.dll
737cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
738cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
739cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D7B9F5CF94251A2210FBB20E9DEA2E8725ADE15C
740cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
741cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
742cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
743cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\profapi.dll'
744cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
745cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
746cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000234 pwszName=\Device\HarddiskVolume3\Windows\System32\gpapi.dll
747cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
748cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
749cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DD30C052281B763437355F539F9D21B4AC1F44F9
750cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
751cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
752cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
753cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ServerCore-SKU-Foundation-Package-ds~31bf3856ad364e35~amd64~~6.2.9200.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
754cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
755cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
756cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d4 pwszName=\Device\HarddiskVolume3\Windows\System32\sechost.dll
757cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
758cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
759cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C115BE687AC313D4DA68F2D30501483B9F11C57
760cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
761cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
762cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
763cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\sechost.dll'
764cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
765cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
766cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume3\Windows\System32\ntasn1.dll
767cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
768cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
769cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CAAA7746995C6F76892F979F05B860789ACD222D
770cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
771cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
772cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
773cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-DS-Package~31bf3856ad364e35~amd64~~6.2.9200.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\ntasn1.dll'
774cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
775cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntasn1.dll'
776cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume3\Windows\System32\ncrypt.dll
777cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
778cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
779cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FAF08A242264DE3D3B5164F853E398FFE2CA8C7D
780cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
781cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
782cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
783cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
784cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
785cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-DS-Package~31bf3856ad364e35~amd64~~6.2.9200.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\ncrypt.dll'
786cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
787cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ncrypt.dll'
788cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume3\Windows\System32\imagehlp.dll
789cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
790cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
791cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7D38773D6411A903C74C205EC32551480EC4B864
792cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
793cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
794cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
795cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
796cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.2.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
797cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
798cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
799cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000144 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptbase.dll
800cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
801cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
802cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E741939ECB0C2DDA2CEF2B4F29DB996EA1D918A6
803cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
804cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
805cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
806cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
807cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
808cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
809cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
810cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
811cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
812cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
813cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptsp.dll
814cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
815cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
816cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0998F06D7CC1F5300AA4DC95EB90513D087F170B
817cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
818cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
819cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-DS-Package~31bf3856ad364e35~amd64~~6.2.9200.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
820cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
821cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
822cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
823cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
824cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
825cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume3\Windows\System32\bcrypt.dll
826cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
827cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
828cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=80DF8408A5C1D5475AD54380A33397C5D137F64A
829cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
830cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
831cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-DS-Package~31bf3856ad364e35~amd64~~6.2.9200.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
832cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
833cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
834cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume3\Windows\System32\msvcrt.dll
835cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
836cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
837cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62EE7264757C76F910345A38D52B773876E19EC4
838cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
839cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
840cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
841cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
842cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
843cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume3\Windows\System32\msasn1.dll
844cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
845cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
846cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B8E4E4D7C3E8B6C99E3688ED950899C2AFB2B03B
847cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
848cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
849cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-DS-Package~31bf3856ad364e35~amd64~~6.2.9200.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
850cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
851cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
852cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
853cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
854cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
855cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=70B9DA452B951576B78B932555B03B78350AABEE
856cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
857cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
858cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2978668~31bf3856ad364e35~amd64~~6.2.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
859cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
860cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
861cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
862cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
863cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
864cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe'
865cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume3\Windows\System32\KernelBase.dll
866cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
867cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
868cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8507DEE09C6BE17AF619ECA88B2299DFB0A2004C
869cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
870cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
871cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_97_for_KB2871997~31bf3856ad364e35~amd64~~6.2.6.2.cat'; file='\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
872cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
873cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
874cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000001c pwszName=\Device\HarddiskVolume3\Windows\System32\kernel32.dll
875cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
876cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
877cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6D049FFCC0DC04EC5C5ECCF99E12221C3753476E
878cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
879cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
880cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_18_for_KB2934016~31bf3856ad364e35~amd64~~6.2.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
881cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
882cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
883cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
884cd8.a08: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
885cd8.a08: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
886cd8.a08: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
887cd8.a08: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
888cd8.a08: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
889cd8.a08: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
890cd8.a08: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
891cd8.a08: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
892cd8.a08: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
893cd8.a08: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
894cd8.a08: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
895cd8.a08: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
896cd8.a08: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
897cd8.a08: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=13
898cd8.a08: SUPR3HardenedMain: Load Runtime...
899cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
900cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
901cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
902cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
903cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
904cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
905cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
906cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
907cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
908cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
909cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
910cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
911cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume3\Windows\System32\ws2_32.dll
912cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
913cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
914cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0A57D3BE0BEEDBD6EB051F6F26B2BECC0AF8371B
915cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
916cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
917cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\ws2_32.dll'
918cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
919cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
920cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'nsi.dll'.
921cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll)WinVerifyTrust
922cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
923cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
924cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
925cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
926cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
927cd8.a08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\nsi.dll'.
928cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
929cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
930cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
931cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
932cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
933cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
934cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
935cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
936cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
937cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
938cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
939cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
940cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
941cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
942cd8.a08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
943cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
944cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
945cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
946cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
947cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
948cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
949cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
950cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
951cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
952cd8.a08: supR3HardenedDllNotificationCallback: load 00000000527e0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
953cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
954cd8.a08: supR3HardenedDllNotificationCallback: load 0000000052740000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
955cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
956cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefdc50000 LB 0x00009000 C:\Windows\system32\NSI.dll [fFlags=0x0]
957cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
958cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefc470000 LB 0x00058000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
959cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
960cd8.a08: supR3HardenedDllNotificationCallback: load 000007fee82c0000 LB 0x00538000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
961cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
962cd8.a08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
963cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
964cd8.a08: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\nsi.dll'.
965cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rescheduled]
966cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
967cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
968cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
969cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
970cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
971cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
972cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
973cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
974cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
975cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
976cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
977cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
978cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
979cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
980cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
981cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
982cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
983cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
984cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
985cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
986cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
987cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
988cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
989cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
990cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
991cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
992cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
993cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
994cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
995cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
996cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
997cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
998cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
999cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1000cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1001cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1002cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1003cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1004cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1005cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1006cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1007cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1008cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1009cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1010cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1011cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1012cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1013cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1014cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee82c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1015cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\system32\Wintrust.dll'
1016cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1017cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1018cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1019cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1020cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1021cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1022cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1023cd8.a08: SUPR3HardenedMain: Load TrustedMain...
1024cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1025cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1026cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1027cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1028cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1029cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1030cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
1031cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
1032cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
1033cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
1034cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
1035cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1036cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1037cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1038cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1039cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
1040cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
1041cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
1042cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
1043cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1044cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1045cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000504 pwszName=\Device\HarddiskVolume3\Windows\System32\winmm.dll
1046cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
1047cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
1048cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=85EB06286A8E8F15389C8FA81EFB86EDED549D9A
1049cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1050cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1051cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB2862768~31bf3856ad364e35~amd64~~6.2.1.2.cat'; file='\Device\HarddiskVolume3\Windows\System32\winmm.dll'
1052cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1053cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
1054cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'.
1055cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'user32.dll'.
1056cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll)WinVerifyTrust
1057cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
1058cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1059cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1060cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume3\Windows\System32\comdlg32.dll
1061cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
1062cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
1063cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2BD74083ED1F826884E685954C04F3D343B6D7D9
1064cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1065cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1066cd8.a08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
1067cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'gdi32.dll'.
1068cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
1069cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
1070cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1071cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1072cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1073cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
1074cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
1075cd8.a08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
1076cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1077cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'devobj.dll'.
1078cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
1079cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
1080cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1081cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1082cd8.a08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\devobj.dll'.
1083cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1084cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
1085cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll)
1086cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
1087cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1088cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1089cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1090cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1091cd8.a08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
1092cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'.
1093cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
1094cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1095cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1096cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1097cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1098cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1099cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1100cd8.a08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
1101cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'.
1102cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
1103cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
1104cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1105cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1106cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1107cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1108cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1109cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1110cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1111cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ServerCore-FullServer-ExtraFoundation-Package-shell~31bf3856ad364e35~amd64~~6.2.9200.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'
1112cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1113cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1114cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1115cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1116cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1117cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1118cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1119cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll)WinVerifyTrust
1120cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
1121cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1122cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1123cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c0 pwszName=\Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1124cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
1125cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
1126cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=58B7C630AC83E062718C420EA6E74E9DC9A95E95
1127cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1128cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1129cd8.a08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
1130cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1131cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'user32.dll'.
1132cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'shlwapi.dll'.
1133cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #60 'gdi32.dll'.
1134cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
1135cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
1136cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1137cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1138cd8.a08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'.
1139cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1140cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1141cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1142cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll)
1143cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll
1144cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1145cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1146cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1147cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1148cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1149cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1150cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1151cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1152cd8.a08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
1153cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1154cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
1155cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
1156cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
1157cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
1158cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1159cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1160cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1161cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1162cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1163cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1164cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1165cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1166cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1167cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1168cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1169cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1170cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1171cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1172cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1173cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1174cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1175cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1176cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1177cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1178cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1179cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1180cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1181cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1182cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1183cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1184cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1185cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1186cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1187cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1188cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1189cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1190cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3020338~31bf3856ad364e35~amd64~~6.2.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\oleaut32.dll'
1191cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1192cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1193cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
1194cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1195cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll)WinVerifyTrust
1196cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1197cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1198cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1199cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1200cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1201cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1202cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1203cd8.a08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1204cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1205cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
1206cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
1207cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
1208cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1209cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1210cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1211cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1212cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1213cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1214cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1215cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1216cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1217cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1218cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'.
1219cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
1220cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
1221cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll)WinVerifyTrust
1222cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
1223cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1224cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1225cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [redoing WinVerifyTrust]
1226cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000570 pwszName=\Device\HarddiskVolume3\Windows\System32\shell32.dll
1227cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
1228cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
1229cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=27DC5FB9EC0FCB98730ED4FFC3B5689F1C7AA010
1230cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1231cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1232cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
1233cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1234cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1235cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
1236cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1237cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1238cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1239cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1240cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1241cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1242cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1243cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1244cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1245cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1246cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_78_for_KB3039066~31bf3856ad364e35~amd64~~6.2.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\shell32.dll'
1247cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1248cd8.a08: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll'
1249cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1250cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1251cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1252cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1253cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1254cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1255cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000508 pwszName=\Device\HarddiskVolume3\Windows\System32\gdi32.dll
1256cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
1257cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
1258cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9AA26A6FB42D4D22A6FD8F44782FA6579D82B8AA
1259cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1260cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1261cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2993651~31bf3856ad364e35~amd64~~6.2.1.2.cat'; file='\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
1262cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1263cd8.a08: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
1264cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1265cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1266cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
1267cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000554 pwszName=\Device\HarddiskVolume3\Windows\System32\user32.dll
1268cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
1269cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
1270cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4262A671F535E1F868B645D4B8514D53735D366A
1271cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1272cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1273cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_46_for_KB2984005~31bf3856ad364e35~amd64~~6.2.1.2.cat'; file='\Device\HarddiskVolume3\Windows\System32\user32.dll'
1274cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1275cd8.a08: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
1276cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1277cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1278cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1279cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1280cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1281cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1282cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1283cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1284cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1285cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
1286cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1287cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
1288cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
1289cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1290cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1291cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1292cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1293cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1294cd8.a08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'.
1295cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1296cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1297cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1298cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1299cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1300cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1301cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)
1302cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1303cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1304cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1305cd8.a08: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
1306cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1307cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1308cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1309cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1310cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1311cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1312cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1313cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1314cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1315cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1316cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1317cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1318cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1319cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)
1320cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1321cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1322cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1323cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
1324cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1325cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1326cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1327cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1328cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1329cd8.a08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
1330cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1331cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1332cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1333cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1334cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1335cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1336cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
1337cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1338cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1339cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1340cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1341cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume3\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1342cd8.a08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\ddraw.dll'.
1343cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1344cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'user32.dll'.
1345cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'gdi32.dll'.
1346cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'dciman32.dll'.
1347cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ddraw.dll)
1348cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ddraw.dll
1349cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1350cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1351cd8.a08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1352cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1353cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1354cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1355cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
1356cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
1357cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1358cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1359cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1360cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1361cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1362cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1363cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1364cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1365cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1366cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1367cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1368cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1369cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1370cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1371cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1372cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1373cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
1374cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1375cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1376cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1377cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1378cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1379cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1380cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1381cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1382cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1383cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1384cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1385cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1386cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1387cd8.a08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'.
1388cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1389cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\winspool.drv)
1390cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winspool.drv
1391cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1392cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1393cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1394cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1395cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1396cd8.a08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
1397cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1398cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'msctf.dll'.
1399cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
1400cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
1401cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1402cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1403cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1404cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1405cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1406cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
1407cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1408cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1409cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1410cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1411cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1412cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1413cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1414cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1415cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1416cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1417cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1418cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1419cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1420cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1421cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1422cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1423cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1424cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1425cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1426cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
1427cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume3\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
1428cd8.a08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\msctf.dll'.
1429cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1430cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'user32.dll'.
1431cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'gdi32.dll'.
1432cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'imm32.dll'.
1433cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
1434cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
1435cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1436cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1437cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1438cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1439cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1440cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1441cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1442cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1443cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1444cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1445cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1446cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1447cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1448cd8.a08: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dciman32.dll'.
1449cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1450cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1451cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1452cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dciman32.dll)
1453cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dciman32.dll
1454cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1455cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1456cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1457cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1458cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1459cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1460cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1461cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1462cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1463cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1464cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1465cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1466cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1467cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1468cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1469cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1470cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1471cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1472cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1473cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
1474cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1475cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1476cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1477cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
1478cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
1479cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
1480cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
1481cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1482cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1483cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1484cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [redoing WinVerifyTrust]
1485cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1486cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1487cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1488cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1489cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1490cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
1491cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1492cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1493cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1494cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1495cd8.a08: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'
1496cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1497cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1498cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust]
1499cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1500cd8.a08: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'
1501cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1502cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1503cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
1504cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1505cd8.a08: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
1506cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1507cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1508cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1509cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1510cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1511cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1512cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1513cd8.a08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1514cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005c0 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
1515cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
1516cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
1517cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CE450DFC2446B54F44FFB267F45E6A6A7478AA74
1518cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1519cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1520cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ServerCore-FullServer-ExtraFoundation-Package-windows~31bf3856ad364e35~amd64~~6.2.9200.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
1521cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1522cd8.a08: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
1523cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1524cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
1525cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1526cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1527cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1528cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1529cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1530cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1531cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1532cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
1533cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1534cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1535cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1536cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1537cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1538cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9200.16658_none_776622cb3175a40c\comctl32.dll)
1539cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9200.16658_none_776622cb3175a40c\comctl32.dll
1540cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1541cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
1542cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
1543cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1544cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
1545cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
1546cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefc200000 LB 0x0014c000 C:\Windows\system32\USER32.dll [fFlags=0x0]
1547cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefbd00000 LB 0x00141000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
1548cd8.a08: supR3HardenedDllNotificationCallback: load 000007fef4510000 LB 0x00008000 C:\Windows\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
1549cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
1550cd8.a08: supR3HardenedDllNotificationCallback: load 000007fee80b0000 LB 0x000ea000 C:\Windows\SYSTEM32\DDRAW.dll [fFlags=0x0]
1551cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
1552cd8.a08: supR3HardenedDllNotificationCallback: load 000007fef4520000 LB 0x0002c000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
1553cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1554cd8.a08: supR3HardenedDllNotificationCallback: load 000007fee81a0000 LB 0x0011f000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1555cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1556cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefe3c0000 LB 0x001b0000 C:\Windows\SYSTEM32\combase.dll [fFlags=0x0]
1557cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1558cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefbb80000 LB 0x0017e000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1559cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1560cd8.a08: supR3HardenedDllNotificationCallback: load 0000000052460000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
1561cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1562cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefbe50000 LB 0x00050000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
1563cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
1564cd8.a08: supR3HardenedDllNotificationCallback: load 000007fef4570000 LB 0x000a4000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9200.16658_none_776622cb3175a40c\COMCTL32.dll [fFlags=0x0]
1565cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9200.16658_none_776622cb3175a40c\comctl32.dll [avoiding WinVerifyTrust]
1566cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefc4d0000 LB 0x012e5000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1567cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1568cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefa610000 LB 0x00096000 C:\Windows\SYSTEM32\SHCORE.DLL [fFlags=0x0]
1569cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll [avoiding WinVerifyTrust]
1570cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefe310000 LB 0x000a1000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
1571cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
1572cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefe570000 LB 0x000c3000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1573cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1574cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefc350000 LB 0x00115000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
1575cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msctf.dll [avoiding WinVerifyTrust]
1576cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefe2d0000 LB 0x00039000 C:\Windows\system32\IMM32.dll [fFlags=0x0]
1577cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
1578cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefb7e0000 LB 0x0004f000 C:\Windows\SYSTEM32\cfgmgr32.dll [fFlags=0x0]
1579cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
1580cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefb7b0000 LB 0x00022000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1581cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
1582cd8.a08: supR3HardenedDllNotificationCallback: load 000007fef8490000 LB 0x00033000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
1583cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1584cd8.a08: supR3HardenedDllNotificationCallback: load 000007fef8760000 LB 0x00020000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
1585cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1586cd8.a08: supR3HardenedDllNotificationCallback: load 000007fef48f0000 LB 0x0007d000 C:\Windows\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
1587cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1588cd8.a08: supR3HardenedDllNotificationCallback: load 0000000051af0000 LB 0x00969000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
1589cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1590cd8.a08: supR3HardenedDllNotificationCallback: load 00000000519e0000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
1591cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1592cd8.a08: supR3HardenedDllNotificationCallback: load 0000000051900000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
1593cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1594cd8.a08: supR3HardenedDllNotificationCallback: load 000007fee3f30000 LB 0x00875000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1595cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
1596cd8.a08: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
1597cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
1598cd8.a08: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9200.16658_none_776622cb3175a40c\comctl32.dll'.
1599cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9200.16658_none_776622cb3175a40c\comctl32.dll' [rescheduled]
1600cd8.a08: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dciman32.dll'.
1601cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' [rescheduled]
1602cd8.a08: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\msctf.dll'.
1603cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll' [rescheduled]
1604cd8.a08: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
1605cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
1606cd8.a08: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'.
1607cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rescheduled]
1608cd8.a08: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1609cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
1610cd8.a08: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\ddraw.dll'.
1611cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\ddraw.dll' [rescheduled]
1612cd8.a08: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
1613cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
1614cd8.a08: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
1615cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
1616cd8.a08: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'.
1617cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rescheduled]
1618cd8.a08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
1619cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
1620cd8.a08: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\devobj.dll'.
1621cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rescheduled]
1622cd8.a08: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
1623cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
1624cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
1625cd8.a08: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
1626cd8.a08: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\imm32.dll
1627cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1628cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1629cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1630cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1631cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1632cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1633cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1634cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1635cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1636cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1637cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe2d0000 'C:\Windows\system32\imm32.dll'
1638cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3f30000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1639cd8.a08: SUPR3HardenedMain: Calling TrustedMain (000007fee3f31ca0)...
1640cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1641cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1642cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8760000 'C:\Windows\system32\winmm.dll'
1643cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000704 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1644cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
1645cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
1646cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AD242F59B5B3223C9E6C9F707357D09C755A6375
1647cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1648cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1649cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_12_for_KB3038314~31bf3856ad364e35~amd64~~6.2.1.2.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
1650cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1651cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1652cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'user32.dll'.
1653cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'gdi32.dll'.
1654cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll)WinVerifyTrust
1655cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1656cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1657cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1658cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1659cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1660cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1661cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1662cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1663cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1664cd8.a08: supR3HardenedDllNotificationCallback: load 000007fef9f00000 LB 0x000e6000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
1665cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1666cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9f00000 'C:\Windows\system32\uxtheme.dll'
1667cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1668cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1669cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9f00000 'C:\Windows\system32\uxtheme.dll'
1670cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1671cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1672cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9f00000 'C:\Windows\system32\uxtheme.dll'
1673cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1674cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1675cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9f00000 'C:\Windows\system32\uxtheme.dll'
1676cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1677cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'user32.dll'.
1678cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'gdi32.dll'.
1679cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll)
1680cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
1681cd8.a08: supR3HardenedDllNotificationCallback: load 000007fef9430000 LB 0x00021000 C:\Windows\SYSTEM32\dwmapi.dll [fFlags=0x0]
1682cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
1683cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005f4 pwszName=\Device\HarddiskVolume3\Windows\System32\dwmapi.dll
1684cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
1685cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
1686cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4D02D067C3B8A3C451C3FBA58FE7FF999B62063
1687cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1688cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1689cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1690cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1691cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1692cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1693cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1695cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1696cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_197_for_KB2975331~31bf3856ad364e35~amd64~~6.2.1.2.cat'; file='\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
1697cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1698cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
1699cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1700cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1701cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc4d0000 'C:\Windows\system32\shell32.dll'
1702cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1703cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1704cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfe0000 'C:\Windows\system32\kernel32.dll'
1705cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1706cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1707cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9f00000 'C:\Windows\system32\uxtheme.dll'
1708cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1709cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1710cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9f00000 'C:\Windows\system32\uxtheme.dll'
1711cd8.a08: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
1712cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1713cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
1714cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc200000 'C:\Windows\system32\user32.dll'
1715cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1716cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1717cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9f00000 'C:\Windows\system32\uxtheme.dll'
1718cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc200000 'C:\Windows\system32\user32.dll'
1719cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1720cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1721cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc120000 'C:\Windows\system32\advapi32.dll'
1722cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000730 pwszName=\Device\HarddiskVolume3\Windows\System32\userenv.dll
1723cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
1724cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
1725cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=02F34A003E7F4BE0E905BD00B35D7CC24D93B621
1726cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1727cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1728cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-DS-Package~31bf3856ad364e35~amd64~~6.2.9200.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\userenv.dll'
1729cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1730cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1731cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1732cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
1733cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll)WinVerifyTrust
1734cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
1735cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1736cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1737cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
1738cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1739cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1740cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1741cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1742cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1743cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
1744cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefb690000 LB 0x0001f000 C:\Windows\system32\userenv.dll [fFlags=0x0]
1745cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
1746cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb690000 'C:\Windows\system32\userenv.dll'
1747cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1748cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1749cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfe0000 'C:\Windows\system32\kernel32.dll'
1750cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1751cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1752cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
1753cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
1754cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefbf20000 LB 0x00096000 C:\Windows\SYSTEM32\clbcatq.dll [fFlags=0x0]
1755cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\clbcatq.dll [avoiding WinVerifyTrust]
1756cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000758 pwszName=\Device\HarddiskVolume3\Windows\System32\clbcatq.dll
1757cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
1758cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
1759cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7D7BC4131B799D432403D0015E39B9A70022BAE9
1760cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1761cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1762cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1763cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1764cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1765cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1766cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ServerCore-SKU-Foundation-Package-com~31bf3856ad364e35~amd64~~6.2.9200.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
1767cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1768cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
1769cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1770cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1771cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1772cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe570000 'C:\Windows\System32\oleaut32.dll'
1773cd8.a08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\sxs.dll)
1774cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sxs.dll
1775cd8.a08: supR3HardenedDllNotificationCallback: load 000007fefb300000 LB 0x000b2000 C:\Windows\SYSTEM32\sxs.dll [fFlags=0x0]
1776cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
1777cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007a8 pwszName=\Device\HarddiskVolume3\Windows\System32\sxs.dll
1778cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
1779cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
1780cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=550820DAB7281D3DCBEC06E17DE86BF47E2CD3F6
1781cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1782cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1783cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\sxs.dll'
1784cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1785cd8.a08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sxs.dll'
1786cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1787cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1788cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe570000 'C:\Windows\system32\OLEAUT32.dll'
1789cd8.a08: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
1790cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1791cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
1792cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbd00000 'C:\Windows\system32\gdi32.dll'
1793cd8.f40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1794cd8.f40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1795cd8.f40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1796cd8.f40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1797cd8.f40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1798cd8.f40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1799cd8.f40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1800cd8.f40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
1801cd8.f40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll)WinVerifyTrust
1802cd8.f40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
1803cd8.f40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1804cd8.f40: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1805cd8.f40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1806cd8.f40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1807cd8.f40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1808cd8.f40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1809cd8.f40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1810cd8.f40: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1811cd8.f40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1812cd8.f40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1813cd8.f40: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1814cd8.f40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1815cd8.f40: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1816cd8.f40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1817cd8.f40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1818cd8.f40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1819cd8.f40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1820cd8.f40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1821cd8.f40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1822cd8.f40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1823cd8.f40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
1824cd8.f40: supR3HardenedDllNotificationCallback: load 000007fee3a30000 LB 0x004f9000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
1825cd8.f40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
1826cd8.f40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3a30000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
1827cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc200000 'C:\Windows\system32\user32.dll'
1828cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1829cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1830cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc4d0000 'C:\Windows\system32\shell32.dll'
1831cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1832cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1833cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbb80000 'C:\Windows\system32\ole32.dll'
1834cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1835cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1836cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbb80000 'C:\Windows\system32\ole32.dll'
1837cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1838cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1839cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe570000 'C:\Windows\system32\OLEAUT32.dll'
1840cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009cc pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
1841cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
1842cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
1843cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=797041D1959E87E61DFCD9BF827DEB4457E2A36D
1844cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1845cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1846cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ServerCore-FullServer-ExtraFoundation-Package-admin~31bf3856ad364e35~amd64~~6.2.9200.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
1847cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1848cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1849cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1850cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'wbemcomn.dll'.
1851cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll)WinVerifyTrust
1852cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
1853cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
1854cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
1855cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008c0 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
1856cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
1857cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
1858cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=00AEDD2C2B6C59BA943DA3F9C0F203E0129CB5CD
1859cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1860cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1861cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ServerCore-FullServer-ExtraFoundation-Package-admin~31bf3856ad364e35~amd64~~6.2.9200.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
1862cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1863cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1864cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'ws2_32.dll'.
1865cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll)WinVerifyTrust
1866cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
1867cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1868cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1869cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1870cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1871cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1872cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1873cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1874cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1875cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1876cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1877cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1878cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
1879cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
1880cd8.a08: supR3HardenedDllNotificationCallback: load 000007fef4f10000 LB 0x0008e000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
1881cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
1882cd8.a08: supR3HardenedDllNotificationCallback: load 000007fef4490000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
1883cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
1884cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1885cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6b0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1886cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4490000 'C:\Windows\system32\wbem\wbemprox.dll'
1887cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a2c pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
1888cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
1889cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
1890cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8E08A32F80D2DA1F6D64103ECBBD2AE3D64FA7AE
1891cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1892cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1893cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ServerCore-FullServer-ExtraFoundation-Package-admin~31bf3856ad364e35~amd64~~6.2.9200.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
1894cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1895cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1896cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1897cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll)WinVerifyTrust
1898cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
1899cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1900cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1901cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1902cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1903cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1904cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
1905cd8.a08: supR3HardenedDllNotificationCallback: load 000007fef2e40000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
1906cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
1907cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2e40000 'C:\Windows\system32\wbem\wbemsvc.dll'
1908cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1909cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6b0000 'api-ms-win-core-localization-l1-2-0.dll'
1910cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1911cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6b0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
1912cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b5c pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
1913cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
1914cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
1915cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CE6970C8F3C1E6BF0A1E99006BAB247B0AFDF986
1916cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1917cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1918cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ServerCore-FullServer-ExtraFoundation-Package-admin~31bf3856ad364e35~amd64~~6.2.9200.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
1919cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1920cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1921cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
1922cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll)WinVerifyTrust
1923cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
1924cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
1925cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
1926cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
1927cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1928cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1929cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1930cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
1931cd8.a08: supR3HardenedDllNotificationCallback: load 000007fef2e80000 LB 0x000f9000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
1932cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
1933cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2e80000 'C:\Windows\system32\wbem\fastprox.dll'
1934cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1935cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1936cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe570000 'C:\Windows\system32\OLEAUT32.dll'
1937cd8.a08: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9200.16658_none_776622cb3175a40c\comctl32.dll' [redir]
1938cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9200.16658_none_776622cb3175a40c\comctl32.dll [redoing WinVerifyTrust]
1939cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005c8 pwszName=\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9200.16658_none_776622cb3175a40c\comctl32.dll
1940cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
1941cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
1942cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9647854EA01E545CC5F982DEE11C5DE1B4815042
1943cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1944cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1945cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2864058~31bf3856ad364e35~amd64~~6.2.1.0.cat'; file='\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9200.16658_none_776622cb3175a40c\comctl32.dll'
1946cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1947cd8.a08: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9200.16658_none_776622cb3175a40c\comctl32.dll'
1948cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9200.16658_none_776622cb3175a40c\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1949cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4570000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9200.16658_none_776622cb3175a40c\comctl32.dll'
1950cd8.c8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1951cd8.c8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1952cd8.c8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
1953cd8.c8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1954cd8.c8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll)WinVerifyTrust
1955cd8.c8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1956cd8.c8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1957cd8.c8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1958cd8.c8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
1959cd8.c8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
1960cd8.c8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1961cd8.c8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
1962cd8.c8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
1963cd8.c8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
1964cd8.c8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll)WinVerifyTrust
1965cd8.c8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
1966cd8.c8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1967cd8.c8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1968cd8.c8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1969cd8.c8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1970cd8.c8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1971cd8.c8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1972cd8.c8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1973cd8.c8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1974cd8.c8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1975cd8.c8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1976cd8.c8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1977cd8.c8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1978cd8.c8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
1979cd8.c8c: supR3HardenedDllNotificationCallback: load 00000000517f0000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
1980cd8.c8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
1981cd8.c8c: supR3HardenedDllNotificationCallback: load 000007fee8870000 LB 0x00262000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
1982cd8.c8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1983cd8.c8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8870000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
1984cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1985cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cac pwszName=\Device\HarddiskVolume3\Windows\System32\netcfgx.dll
1986cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
1987cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
1988cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=829460269B98869C5B50C244D878F5C9D87475BD
1989cd8.c48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
1990cd8.c48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1991cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
1992cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
1993cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_164_for_KB2822241~31bf3856ad364e35~amd64~~6.2.1.3.cat'; file='\Device\HarddiskVolume3\Windows\System32\netcfgx.dll'
1994cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1995cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1996cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
1997cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'nsi.dll'.
1998cd8.c48: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\netcfgx.dll)WinVerifyTrust
1999cd8.c48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\netcfgx.dll
2000cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2001cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2002cd8.c48: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [redoing WinVerifyTrust]
2003cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume3\Windows\System32\nsi.dll
2004cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
2005cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
2006cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BC82D86956DC746C44ACF0AFDA481952395E4EA2
2007cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2008cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
2009cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\nsi.dll'
2010cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2011cd8.c48: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
2012cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2013cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2014cd8.c48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2015cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2016cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2017cd8.c48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2018cd8.c48: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netcfgx.dll
2019cd8.c48: supR3HardenedDllNotificationCallback: load 000007fee7fc0000 LB 0x00073000 C:\Windows\System32\netcfgx.dll [fFlags=0x0]
2020cd8.c48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netcfgx.dll
2021cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fc0000 'C:\Windows\System32\netcfgx.dll'
2022cd8.c48: supR3HardenedDllNotificationCallback: load 000007fefdd10000 LB 0x001d0000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
2023cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
2024cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2025cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
2026cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'devobj.dll'.
2027cd8.c48: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll)
2028cd8.c48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
2029cd8.c48: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\setupapi.dll'.
2030cd8.c48: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rescheduled]
2031cd8.c48: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2032cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6b0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2033cd8.e84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
2034cd8.e84: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
2035cd8.e84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll [lacks WinVerifyTrust]
2036cd8.e84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2037cd8.e84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2038cd8.e84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2039cd8.e84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2040cd8.e84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2041cd8.e84: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2042cd8.e84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
2043cd8.e84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2044cd8.e84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2045cd8.e84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2046cd8.e84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2047cd8.e84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2048cd8.e84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll)WinVerifyTrust
2049cd8.e84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2050cd8.e84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2051cd8.e84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2052cd8.e84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2053cd8.e84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2054cd8.e84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2055cd8.e84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2056cd8.e84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2057cd8.e84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2058cd8.e84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2059cd8.e84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2060cd8.e84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2061cd8.e84: supR3HardenedDllNotificationCallback: load 000007fef4670000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2062cd8.e84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2063cd8.e84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4670000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2064cd8.740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2065cd8.740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2066cd8.740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2067cd8.740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll)WinVerifyTrust
2068cd8.740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2069cd8.740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2070cd8.740: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2071cd8.740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2072cd8.740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2073cd8.740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2074cd8.740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2075cd8.740: supR3HardenedDllNotificationCallback: load 000007fef4660000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2076cd8.740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2077cd8.740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4660000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2078cd8.b44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2079cd8.b44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2080cd8.b44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2081cd8.b44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2082cd8.b44: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll)WinVerifyTrust
2083cd8.b44: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2084cd8.b44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2085cd8.b44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2086cd8.b44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2087cd8.b44: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2088cd8.b44: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
2089cd8.b44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2090cd8.b44: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2091cd8.b44: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2092cd8.b44: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2093cd8.b44: supR3HardenedDllNotificationCallback: load 000007fef4650000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2094cd8.b44: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2095cd8.b44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4650000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2096cd8.4a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2097cd8.4a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2098cd8.4a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2099cd8.4a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2100cd8.4a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll)WinVerifyTrust
2101cd8.4a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2102cd8.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2103cd8.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2104cd8.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2105cd8.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2106cd8.4a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
2107cd8.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2108cd8.4a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2109cd8.4a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2110cd8.4a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2111cd8.4a8: supR3HardenedDllNotificationCallback: load 000007fef33d0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2112cd8.4a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2113cd8.4a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef33d0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2114cd8.c48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
2115cd8.c48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2116cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc4d0000 'C:\Windows\system32/Shell32.dll'
2117cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2118cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2119cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2120cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2121cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2122cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2123cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2124cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2125cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2126cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2127cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2128cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2129cd8.c48: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll)WinVerifyTrust
2130cd8.c48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
2131cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2132cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2133cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dcc pwszName=\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2134cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
2135cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
2136cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=91518DEB38DCCBF35D158EEF59E35F1D28849D3E
2137cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2138cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
2139cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_190_for_KB2756872~31bf3856ad364e35~amd64~~6.2.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL'
2140cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2141cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2142cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'.
2143cd8.c48: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL)WinVerifyTrust
2144cd8.c48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2145cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2146cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2147cd8.c48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2148cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2149cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2150cd8.c48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2151cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2152cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2153cd8.c48: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll [redoing WinVerifyTrust]
2154cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cc0 pwszName=\Device\HarddiskVolume3\Windows\System32\setupapi.dll
2155cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
2156cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
2157cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8BB851CC443841581E56963C9C6D803546CE2EDC
2158cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2159cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2160cd8.c48: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winnsi.dll'.
2161cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2162cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2163cd8.c48: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll)
2164cd8.c48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
2165cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2166cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2167cd8.c48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
2168cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2169cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2170cd8.c48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
2171cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2172cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2173cd8.c48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
2174cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2175cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
2176cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB2795944~31bf3856ad364e35~amd64~~6.2.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\setupapi.dll'
2177cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2178cd8.c48: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\setupapi.dll'
2179cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2180cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2181cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2182cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2183cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2184cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2185cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2186cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2187cd8.c48: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll)WinVerifyTrust
2188cd8.c48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2189cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2190cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2191cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2192cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2193cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2194cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2195cd8.c48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2196cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2197cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2198cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2199cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2200cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2201cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2202cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2203cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
2204cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2205cd8.c48: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll)WinVerifyTrust
2206cd8.c48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2207cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2208cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2209cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2210cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2211cd8.c48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2212cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2213cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2214cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2215cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2216cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
2217cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume3\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
2218cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e44 pwszName=\Device\HarddiskVolume3\Windows\System32\newdev.dll
2219cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
2220cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
2221cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=468C8A774FC56E31DA07309A4E36844672E25F8A
2222cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2223cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
2224cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_9_for_KB2761094~31bf3856ad364e35~amd64~~6.2.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\newdev.dll'
2225cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2226cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2227cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2228cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2229cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2230cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
2231cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
2232cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
2233cd8.c48: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\newdev.dll)WinVerifyTrust
2234cd8.c48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\newdev.dll
2235cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2236cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2237cd8.c48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
2238cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2239cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2240cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2241cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2242cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2243cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2244cd8.c48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
2245cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2246cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2247cd8.c48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
2248cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2249cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2250cd8.c48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
2251cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2252cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
2253cd8.c48: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
2254cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
2255cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
2256cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2257cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2258cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2259cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2260cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2261cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2262cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2263cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2264cd8.c48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2265cd8.c48: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
2266cd8.c48: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2267cd8.c48: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2268cd8.c48: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2269cd8.c48: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\newdev.dll
2270cd8.c48: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
2271cd8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2272cd8.c48: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\devrtl.dll)
2273cd8.c48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devrtl.dll
2274cd8.c48: supR3HardenedDllNotificationCallback: load 000007fefa7b0000 LB 0x00012000 C:\Windows\SYSTEM32\devrtl.DLL [fFlags=0x0]
2275cd8.c48: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
2276cd8.c48: supR3HardenedDllNotificationCallback: load 000007fef1570000 LB 0x0004d000 C:\Windows\SYSTEM32\newdev.dll [fFlags=0x0]
2277cd8.c48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\newdev.dll
2278cd8.c48: supR3HardenedDllNotificationCallback: load 000007fee8040000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2279cd8.c48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2280cd8.c48: supR3HardenedDllNotificationCallback: load 000007fef15e0000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2281cd8.c48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2282cd8.c48: supR3HardenedDllNotificationCallback: load 000007fef8500000 LB 0x0000a000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
2283cd8.c48: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
2284cd8.c48: supR3HardenedDllNotificationCallback: load 000007fef8430000 LB 0x0002a000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
2285cd8.c48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2286cd8.c48: supR3HardenedDllNotificationCallback: load 000007fee2e40000 LB 0x008d2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2287cd8.c48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
2288cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2e40000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
2289cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e4c pwszName=\Device\HarddiskVolume3\Windows\System32\devrtl.dll
2290cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
2291cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
2292cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=77F5810F24E9E99A6B2A950068FD523DD492CFC5
2293cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2294cd8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2295cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2296cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
2297cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-Base-Package~31bf3856ad364e35~amd64~~6.2.9200.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\devrtl.dll'
2298cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2299cd8.c48: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\devrtl.dll'
2300cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e2c pwszName=\Device\HarddiskVolume3\Windows\System32\winnsi.dll
2301cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
2302cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
2303cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7631D5CE1FA0F5B2B3B51D1F0AD7E4EE30F5A2C8
2304cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2305cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
2306cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
2307cd8.c48: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2308cd8.c48: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
2309cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2310cd8.c48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
2311cd8.c48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2312cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3a30000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
2313cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2314cd8.c48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2315cd8.c48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2316cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef15e0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
2317cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2318cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2319cd8.eb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2320cd8.eb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2321cd8.eb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2322cd8.eb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2323cd8.eb0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll)WinVerifyTrust
2324cd8.eb0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2325cd8.eb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2326cd8.eb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2327cd8.eb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2328cd8.eb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2329cd8.eb0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2330cd8.eb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2331cd8.eb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2332cd8.eb0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2333cd8.eb0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2334cd8.eb0: supR3HardenedDllNotificationCallback: load 000007fef33c0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2335cd8.eb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2336cd8.eb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef33c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2337cd8.c48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2338cd8.c48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2339cd8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfe0000 'C:\Windows\system32/kernel32.dll'
2340cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fd0 pwszName=\Device\HarddiskVolume3\Windows\System32\mscms.dll
2341cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
2342cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
2343cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\System32\WINTRUST.DLL'
2344cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\CRYPT32.dll'
2345cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=503A620D8F07B13E7D7020464558A75855E59C9B
2346cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2347cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
2348cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_53_for_KB2855336~31bf3856ad364e35~amd64~~6.2.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\mscms.dll'
2349cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2350cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2351cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'userenv.dll'.
2352cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2353cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2354cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mscms.dll)WinVerifyTrust
2355cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mscms.dll
2356cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2357cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2358cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2359cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2360cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
2361cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
2362cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
2363cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2364cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2365cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mscms.dll (Input=mscms.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2366cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mscms.dll
2367cd8.a08: supR3HardenedDllNotificationCallback: load 000007fef8780000 LB 0x00091000 C:\Windows\system32\mscms.dll [fFlags=0x0]
2368cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mscms.dll
2369cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8780000 'C:\Windows\system32\mscms.dll'
2370cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dc8 pwszName=\Device\HarddiskVolume3\Windows\System32\icm32.dll
2371cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000147cbe0
2372cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000147cbe0
2373cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3D1D2EB02412561802223B7D83A52515C47EB187
2374cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9d0000 'C:\Windows\system32\rsaenh.dll'
2375cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb830000 'C:\Windows\system32\crypt32.dll'
2376cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_53_for_KB2855336~31bf3856ad364e35~amd64~~6.2.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\icm32.dll'
2377cd8.a08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2378cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2379cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mscms.dll'.
2380cd8.a08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2381cd8.a08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\icm32.dll)WinVerifyTrust
2382cd8.a08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\icm32.dll
2383cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2384cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2385cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mscms.dll'...
2386cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'mscms.dll' -> '\Device\HarddiskVolume3\Windows\System32\mscms.dll' [rcNtRedir=0xc0150008]
2387cd8.a08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mscms.dll
2388cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2389cd8.a08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2390cd8.a08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\icm32.dll (Input=icm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2391cd8.a08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\icm32.dll
2392cd8.a08: supR3HardenedDllNotificationCallback: load 000007fee5ca0000 LB 0x00040000 C:\Windows\system32\icm32.dll [fFlags=0x0]
2393cd8.a08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\icm32.dll
2394cd8.a08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5ca0000 'C:\Windows\system32\icm32.dll'
2395ea8.e40: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc000041d (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 344593 ms, the end);
2396d04.af8: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc000041d (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 345033 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy