VirtualBox

Ticket #15220: VBoxHardening.log

File VBoxHardening.log, 335.7 KB (added by Cobra98, 9 years ago)
Line 
13738.3040: Log file opened: 5.0.16r105871 g_hStartupLog=000000000000018c g_uNtVerCombined=0x611db110
23738.3040: \SystemRoot\System32\ntdll.dll:
33738.3040: CreationTime: 2016-03-08T13:25:29.954654100Z
43738.3040: LastWriteTime: 2016-01-22T06:30:15.875675000Z
53738.3040: ChangeTime: 2016-03-08T13:58:26.681716400Z
63738.3040: FileAttributes: 0x20
73738.3040: Size: 0x1a71d8
83738.3040: NT Headers: 0xe0
93738.3040: Timestamp: 0x56a1cb4e
103738.3040: Machine: 0x8664 - amd64
113738.3040: Timestamp: 0x56a1cb4e
123738.3040: Image Version: 6.1
133738.3040: SizeOfImage: 0x1aa000 (1744896)
143738.3040: Resource Dir: 0x14e000 LB 0x5a028
153738.3040: ProductName: Microsoft® Windows® Operating System
163738.3040: ProductVersion: 6.1.7601.23338
173738.3040: FileVersion: 6.1.7601.23338 (win7sp1_ldr.160121-1716)
183738.3040: FileDescription: NT Layer DLL
193738.3040: \SystemRoot\System32\kernel32.dll:
203738.3040: CreationTime: 2016-03-08T13:25:28.424566600Z
213738.3040: LastWriteTime: 2016-01-22T06:28:09.279000000Z
223738.3040: ChangeTime: 2016-03-08T13:58:26.782722200Z
233738.3040: FileAttributes: 0x20
243738.3040: Size: 0x11c400
253738.3040: NT Headers: 0xe0
263738.3040: Timestamp: 0x56a1cb25
273738.3040: Machine: 0x8664 - amd64
283738.3040: Timestamp: 0x56a1cb25
293738.3040: Image Version: 6.1
303738.3040: SizeOfImage: 0x11f000 (1175552)
313738.3040: Resource Dir: 0x116000 LB 0x528
323738.3040: ProductName: Microsoft® Windows® Operating System
333738.3040: ProductVersion: 6.1.7601.23338
343738.3040: FileVersion: 6.1.7601.23338 (win7sp1_ldr.160121-1716)
353738.3040: FileDescription: Windows NT BASE API Client DLL
363738.3040: \SystemRoot\System32\KernelBase.dll:
373738.3040: CreationTime: 2016-03-08T13:25:28.237555900Z
383738.3040: LastWriteTime: 2016-01-22T06:28:09.279000000Z
393738.3040: ChangeTime: 2016-03-08T13:58:26.784722300Z
403738.3040: FileAttributes: 0x20
413738.3040: Size: 0x66800
423738.3040: NT Headers: 0xe8
433738.3040: Timestamp: 0x56a1cb26
443738.3040: Machine: 0x8664 - amd64
453738.3040: Timestamp: 0x56a1cb26
463738.3040: Image Version: 6.1
473738.3040: SizeOfImage: 0x6a000 (434176)
483738.3040: Resource Dir: 0x68000 LB 0x530
493738.3040: ProductName: Microsoft® Windows® Operating System
503738.3040: ProductVersion: 6.1.7601.23338
513738.3040: FileVersion: 6.1.7601.23338 (win7sp1_ldr.160121-1716)
523738.3040: FileDescription: Windows NT BASE API Client DLL
533738.3040: \SystemRoot\System32\apisetschema.dll:
543738.3040: CreationTime: 2016-03-08T13:25:23.949310600Z
553738.3040: LastWriteTime: 2016-01-22T06:17:43.259000000Z
563738.3040: ChangeTime: 2016-03-08T13:58:26.674716000Z
573738.3040: FileAttributes: 0x20
583738.3040: Size: 0x1a00
593738.3040: NT Headers: 0xc0
603738.3040: Timestamp: 0x56a1c9c8
613738.3040: Machine: 0x8664 - amd64
623738.3040: Timestamp: 0x56a1c9c8
633738.3040: Image Version: 6.1
643738.3040: SizeOfImage: 0x50000 (327680)
653738.3040: Resource Dir: 0x30000 LB 0x3f8
663738.3040: ProductName: Microsoft® Windows® Operating System
673738.3040: ProductVersion: 6.1.7601.23338
683738.3040: FileVersion: 6.1.7601.23338 (win7sp1_ldr.160121-1716)
693738.3040: FileDescription: ApiSet Schema DLL
703738.3040: Found driver NisDrv (0x400)
713738.3040: Found driver inspect (0x800)
723738.3040: Found driver cmdHlp (0x800)
733738.3040: supR3HardenedWinFindAdversaries: 0xc88
743738.3040: \SystemRoot\System32\drivers\tmcomm.sys:
753738.3040: CreationTime: 2015-09-19T13:59:55.638303700Z
763738.3040: LastWriteTime: 2015-10-31T01:02:12.425283900Z
773738.3040: ChangeTime: 2016-02-26T15:31:27.463281200Z
783738.3040: FileAttributes: 0x20
793738.3040: Size: 0x4b098
803738.3040: NT Headers: 0xe8
813738.3040: Timestamp: 0x5568186c
823738.3040: Machine: 0x8664 - amd64
833738.3040: Timestamp: 0x5568186c
843738.3040: Image Version: 6.0
853738.3040: SizeOfImage: 0x4f000 (323584)
863738.3040: Resource Dir: 0x4d000 LB 0x760
873738.3040: ProductName: Trend Micro Eyes
883738.3040: ProductVersion: 6.50
893738.3040: FileVersion: 6.50.0.1058
903738.3040: SpecialBuild: 1058
913738.3040: PrivateBuild: Build 1058 - 5/29/2015
923738.3040: FileDescription: TrendMicro Common Module
933738.3040: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
943738.3040: CreationTime: 2015-10-11T15:21:21.883197800Z
953738.3040: LastWriteTime: 2015-10-11T15:21:21.884197800Z
963738.3040: ChangeTime: 2016-02-26T15:31:27.423278900Z
973738.3040: FileAttributes: 0x20
983738.3040: Size: 0x2eed8
993738.3040: NT Headers: 0xe0
1003738.3040: Timestamp: 0x55b855d9
1013738.3040: Machine: 0x8664 - amd64
1023738.3040: Timestamp: 0x55b855d9
1033738.3040: Image Version: 6.1
1043738.3040: SizeOfImage: 0x33000 (208896)
1053738.3040: Resource Dir: 0x31000 LB 0x3b8
1063738.3040: ProductName: Malwarebytes Anti-Malware
1073738.3040: ProductVersion: 0.3.0.0
1083738.3040: FileVersion: 0.3.0.0
1093738.3040: FileDescription: Malwarebytes Anti-Malware
1103738.3040: \SystemRoot\System32\drivers\mbamchameleon.sys:
1113738.3040: CreationTime: 2015-10-11T15:17:02.592367200Z
1123738.3040: LastWriteTime: 2015-10-11T15:17:02.678372100Z
1133738.3040: ChangeTime: 2016-02-26T15:31:27.423278900Z
1143738.3040: FileAttributes: 0x20
1153738.3040: Size: 0x1aad8
1163738.3040: NT Headers: 0xd8
1173738.3040: Timestamp: 0x55c103c3
1183738.3040: Machine: 0x8664 - amd64
1193738.3040: Timestamp: 0x55c103c3
1203738.3040: Image Version: 6.1
1213738.3040: SizeOfImage: 0x1e000 (122880)
1223738.3040: Resource Dir: 0x1c000 LB 0xba8
1233738.3040: ProductName: Malwarebytes Chameleon
1243738.3040: ProductVersion: 1.1.21.0
1253738.3040: FileVersion: 1.1.21.0
1263738.3040: FileDescription: Malwarebytes Chameleon Protection Driver
1273738.3040: \SystemRoot\System32\drivers\MpFilter.sys:
1283738.3040: CreationTime: 2013-01-20T14:59:04.000000000Z
1293738.3040: LastWriteTime: 2013-01-20T14:59:04.000000000Z
1303738.3040: ChangeTime: 2016-02-26T15:31:32.804586700Z
1313738.3040: FileAttributes: 0x20
1323738.3040: Size: 0x383b0
1333738.3040: NT Headers: 0xe8
1343738.3040: Timestamp: 0x5091a97a
1353738.3040: Machine: 0x8664 - amd64
1363738.3040: Timestamp: 0x5091a97a
1373738.3040: Image Version: 6.2
1383738.3040: SizeOfImage: 0x38000 (229376)
1393738.3040: Resource Dir: 0x36000 LB 0x928
1403738.3040: ProductName: Microsoft Malware Protection
1413738.3040: ProductVersion: 4.2.0206.0
1423738.3040: FileVersion: 4.2.0206.0
1433738.3040: FileDescription: Microsoft antimalware file system filter driver
1443738.3040: \SystemRoot\System32\drivers\NisDrvWFP.sys:
1453738.3040: CreationTime: 2010-10-24T20:25:38.000000000Z
1463738.3040: LastWriteTime: 2013-01-20T14:59:04.000000000Z
1473738.3040: ChangeTime: 2016-02-26T15:31:32.816587300Z
1483738.3040: FileAttributes: 0x20
1493738.3040: Size: 0x1fbd8
1503738.3040: NT Headers: 0xe8
1513738.3040: Timestamp: 0x5091a992
1523738.3040: Machine: 0x8664 - amd64
1533738.3040: Timestamp: 0x5091a992
1543738.3040: Image Version: 6.2
1553738.3040: SizeOfImage: 0x21000 (135168)
1563738.3040: Resource Dir: 0x1e000 LB 0x1930
1573738.3040: ProductName: Microsoft Malware Protection
1583738.3040: ProductVersion: 4.2.0206.0
1593738.3040: FileVersion: 4.2.0206.0
1603738.3040: FileDescription: Microsoft Network Realtime Inspection Driver
1613738.3040: \SystemRoot\System32\drivers\cmdguard.sys:
1623738.3040: CreationTime: 2013-06-18T14:16:10.000000000Z
1633738.3040: LastWriteTime: 2015-08-05T00:31:21.096400000Z
1643738.3040: ChangeTime: 2016-02-26T15:31:27.385276700Z
1653738.3040: FileAttributes: 0x20
1663738.3040: Size: 0xc4c90
1673738.3040: NT Headers: 0xf0
1683738.3040: Timestamp: 0x55c148e6
1693738.3040: Machine: 0x8664 - amd64
1703738.3040: Timestamp: 0x55c148e6
1713738.3040: Image Version: 6.1
1723738.3040: SizeOfImage: 0xd2000 (860160)
1733738.3040: Resource Dir: 0xcf000 LB 0x3e8
1743738.3040: ProductName: COMODO Internet Security Sandbox Driver
1753738.3040: ProductVersion: 8, 2, 0, 4674
1763738.3040: FileVersion: 8, 2, 0, 4674 built by: WinDDK
1773738.3040: FileDescription: COMODO Internet Security Sandbox Driver
1783738.3040: \SystemRoot\System32\drivers\cmderd.sys:
1793738.3040: CreationTime: 2013-06-18T14:16:08.000000000Z
1803738.3040: LastWriteTime: 2015-08-05T00:31:18.085600000Z
1813738.3040: ChangeTime: 2016-02-26T15:31:27.385276700Z
1823738.3040: FileAttributes: 0x20
1833738.3040: Size: 0x52c0
1843738.3040: NT Headers: 0xe0
1853738.3040: Timestamp: 0x55c148b6
1863738.3040: Machine: 0x8664 - amd64
1873738.3040: Timestamp: 0x55c148b6
1883738.3040: Image Version: 6.1
1893738.3040: SizeOfImage: 0x9000 (36864)
1903738.3040: Resource Dir: 0x7000 LB 0x3f0
1913738.3040: ProductName: COMODO Internet Security Eradication Driver
1923738.3040: ProductVersion: 8, 2, 0, 4674
1933738.3040: FileVersion: 8, 2, 0, 4674 built by: WinDDK
1943738.3040: FileDescription: COMODO Internet Security Eradication Driver
1953738.3040: \SystemRoot\System32\drivers\inspect.sys:
1963738.3040: CreationTime: 2013-06-18T14:16:12.000000000Z
1973738.3040: LastWriteTime: 2015-08-05T00:31:27.118000000Z
1983738.3040: ChangeTime: 2016-02-26T15:31:27.419278600Z
1993738.3040: FileAttributes: 0x20
2003738.3040: Size: 0x19a88
2013738.3040: NT Headers: 0xe0
2023738.3040: Timestamp: 0x55c148be
2033738.3040: Machine: 0x8664 - amd64
2043738.3040: Timestamp: 0x55c148be
2053738.3040: Image Version: 6.1
2063738.3040: SizeOfImage: 0x1d000 (118784)
2073738.3040: Resource Dir: 0x1b000 LB 0x3e8
2083738.3040: ProductName: COMODO Internet Security Firewall Driver
2093738.3040: ProductVersion: 8, 2, 0, 4674
2103738.3040: FileVersion: 8, 2, 0, 4674 built by: WinDDK
2113738.3040: FileDescription: COMODO Internet Security Firewall Driver
2123738.3040: \SystemRoot\System32\drivers\cmdhlp.sys:
2133738.3040: CreationTime: 2013-06-18T14:16:10.000000000Z
2143738.3040: LastWriteTime: 2015-08-05T00:31:24.060400000Z
2153738.3040: ChangeTime: 2016-02-26T15:31:27.386276700Z
2163738.3040: FileAttributes: 0x20
2173738.3040: Size: 0xb320
2183738.3040: NT Headers: 0xe8
2193738.3040: Timestamp: 0x55c148c7
2203738.3040: Machine: 0x8664 - amd64
2213738.3040: Timestamp: 0x55c148c7
2223738.3040: Image Version: 6.1
2233738.3040: SizeOfImage: 0xd000 (53248)
2243738.3040: Resource Dir: 0xc000 LB 0x3e0
2253738.3040: ProductName: COMODO Internet Security Helper Driver
2263738.3040: ProductVersion: 8, 2, 0, 4674
2273738.3040: FileVersion: 8, 2, 0, 4674 built by: WinDDK
2283738.3040: FileDescription: COMODO Internet Security Helper Driver
2293738.3040: \SystemRoot\System32\guard64.dll:
2303738.3040: CreationTime: 2013-06-18T14:15:48.000000000Z
2313738.3040: LastWriteTime: 2015-09-03T11:52:00.103200000Z
2323738.3040: ChangeTime: 2016-02-26T15:30:54.406390400Z
2333738.3040: FileAttributes: 0x20
2343738.3040: Size: 0x8d750
2353738.3040: NT Headers: 0x118
2363738.3040: Timestamp: 0x55e818af
2373738.3040: Machine: 0x8664 - amd64
2383738.3040: Timestamp: 0x55e818af
2393738.3040: Image Version: 0.0
2403738.3040: SizeOfImage: 0x96000 (614400)
2413738.3040: Resource Dir: 0x93000 LB 0xd80
2423738.3040: ProductName: COMODO Internet Security
2433738.3040: ProductVersion: 8, 2, 0, 4703
2443738.3040: FileVersion: 8, 2, 0, 4703
2453738.3040: FileDescription: COMODO Internet Security
2463738.3040: \SystemRoot\System32\cmdvrt64.dll:
2473738.3040: CreationTime: 2013-06-18T14:15:40.000000000Z
2483738.3040: LastWriteTime: 2015-08-05T00:28:50.806000000Z
2493738.3040: ChangeTime: 2016-02-26T15:30:54.330386100Z
2503738.3040: FileAttributes: 0x20
2513738.3040: Size: 0x576c0
2523738.3040: NT Headers: 0x100
2533738.3040: Timestamp: 0x55c1491b
2543738.3040: Machine: 0x8664 - amd64
2553738.3040: Timestamp: 0x55c1491b
2563738.3040: Image Version: 0.0
2573738.3040: SizeOfImage: 0x5d000 (380928)
2583738.3040: Resource Dir: 0x5b000 LB 0x5ac
2593738.3040: ProductName: COMODO Internet Security
2603738.3040: ProductVersion: 8, 2, 0, 4674
2613738.3040: FileVersion: 8, 2, 0, 4674
2623738.3040: FileDescription: COMODO Internet Security
2633738.3040: \SystemRoot\System32\cmdkbd64.dll:
2643738.3040: CreationTime: 2013-06-18T14:15:40.000000000Z
2653738.3040: LastWriteTime: 2015-08-05T00:28:20.760400000Z
2663738.3040: ChangeTime: 2016-02-26T15:30:54.329386000Z
2673738.3040: FileAttributes: 0x20
2683738.3040: Size: 0xb2c0
2693738.3040: NT Headers: 0xe8
2703738.3040: Timestamp: 0x55c14914
2713738.3040: Machine: 0x8664 - amd64
2723738.3040: Timestamp: 0x55c14914
2733738.3040: Image Version: 0.0
2743738.3040: SizeOfImage: 0xf000 (61440)
2753738.3040: Resource Dir: 0xd000 LB 0x5ac
2763738.3040: ProductName: COMODO Internet Security
2773738.3040: ProductVersion: 8, 2, 0, 4674
2783738.3040: FileVersion: 8, 2, 0, 4674
2793738.3040: FileDescription: COMODO Internet Security
2803738.3040: \SystemRoot\System32\cmdcsr.dll:
2813738.3040: CreationTime: 2013-06-18T14:15:50.000000000Z
2823738.3040: LastWriteTime: 2015-08-05T00:29:56.903200000Z
2833738.3040: ChangeTime: 2016-02-26T15:30:54.329386000Z
2843738.3040: FileAttributes: 0x20
2853738.3040: Size: 0xa108
2863738.3040: NT Headers: 0xd8
2873738.3040: Timestamp: 0x55c14910
2883738.3040: Machine: 0x8664 - amd64
2893738.3040: Timestamp: 0x55c14910
2903738.3040: Image Version: 0.0
2913738.3040: SizeOfImage: 0xc000 (49152)
2923738.3040: Resource Dir: 0xa000 LB 0x4a8
2933738.3040: ProductName: COMODO Internet Security
2943738.3040: ProductVersion: 8, 2, 0, 4674
2953738.3040: FileVersion: 8, 2, 0, 4674
2963738.3040: FileDescription: COMODO Internet Security
2973738.3040: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2983738.3040: Calling main()
2993738.3040: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3003738.3040: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3013738.3040: SUPR3HardenedMain: Respawn #1
3023738.3040: System32: \Device\HarddiskVolume3\Windows\System32
3033738.3040: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
3043738.3040: KnownDllPath: C:\Windows\system32
3053738.3040: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3063738.3040: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3073738.3040: supR3HardNtEnableThreadCreation:
3083738.3040: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007766a0e0 pvNtTerminateThread=000000007768c060
3093738.3040: supR3HardenedWinDoReSpawn(1): New child 3df0.42e8 [kernel32].
3103738.3040: supR3HardNtChildGatherData: PebBaseAddress=000007fffffda000 cbPeb=0x380
3113738.3040: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077640000 uNtDllChildAddr=0000000077640000
3123738.3040: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007766a0e0
3133738.3040: supR3HardenedWinSetupChildInit: Start child.
3143738.3040: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3153738.3040: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 64 sleeps
3163738.3040: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3173738.3040: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
3183738.3040: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
3193738.3040: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
3203738.3040: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
3213738.3040: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
3223738.3040: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
3233738.3040: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
3243738.3040: 0000000000051000-fffffffffff41fff 0x0001/0x0000 0x0000000
3253738.3040: *0000000000160000-0000000000063fff 0x0000/0x0004 0x0020000
3263738.3040: 000000000025c000-0000000000258fff 0x0104/0x0004 0x0020000
3273738.3040: 000000000025f000-000000000025dfff 0x0004/0x0004 0x0020000
3283738.3040: 0000000000260000-ffffffff88e7ffff 0x0001/0x0000 0x0000000
3293738.3040: *0000000077640000-0000000077640fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3303738.3040: 0000000077641000-000000007773dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3313738.3040: 000000007773e000-000000007776cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3323738.3040: 000000007776d000-0000000077776fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3333738.3040: 0000000077777000-0000000077777fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3343738.3040: 0000000077778000-000000007777afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3353738.3040: 000000007777b000-00000000777e9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3363738.3040: 00000000777ea000-0000000070003fff 0x0001/0x0000 0x0000000
3373738.3040: *000000007efd0000-000000007efc1fff 0x0040/0x0040 0x0020000 !!
3383738.3040: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 000000007efd0000 (LB 0xe000, 000000007efd0000 LB 0xe000)
3393738.3040: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [000000007efd0000/000000007efd0000 LB 0/0xe000]
3403738.3040: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/000000007efd0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
3413738.3040: 000000007efde000-000000007efdbfff 0x0001/0x0000 0x0000000
3423738.3040: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
3433738.3040: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
3443738.3040: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
3453738.3040: 000000007fff0000-ffffffffc0f2ffff 0x0001/0x0000 0x0000000
3463738.3040: *000000013f0b0000-000000013f0b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3473738.3040: 000000013f0b1000-000000013f137fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3483738.3040: 000000013f138000-000000013f138fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3493738.3040: 000000013f139000-000000013f183fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3503738.3040: 000000013f184000-000000013f184fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3513738.3040: 000000013f185000-000000013f185fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3523738.3040: 000000013f186000-000000013f18afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3533738.3040: 000000013f18b000-000000013f18bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3543738.3040: 000000013f18c000-000000013f18cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3553738.3040: 000000013f18d000-000000013f190fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3563738.3040: 000000013f191000-000000013f1dbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3573738.3040: 000000013f1dc000-fffff8037ea57fff 0x0001/0x0000 0x0000000
3583738.3040: *000007feff960000-000007feff960fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
3593738.3040: 000007feff961000-000007fdff311fff 0x0001/0x0000 0x0000000
3603738.3040: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
3613738.3040: 000007fffffd3000-000007fffffcbfff 0x0001/0x0000 0x0000000
3623738.3040: *000007fffffda000-000007fffffd8fff 0x0004/0x0004 0x0020000
3633738.3040: 000007fffffdb000-000007fffffd7fff 0x0001/0x0000 0x0000000
3643738.3040: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
3653738.3040: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
3663738.3040: apisetschema.dll: timestamp 0x56a1c9c8 (rc=VINF_SUCCESS)
3673738.3040: VirtualBox.exe: timestamp 0x56d9b7eb (rc=VINF_SUCCESS)
3683738.3040: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3693738.3040: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports
3703738.3040: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
3713738.3040: ntdll.dll: Differences in section #1 (.text) between file and memory:
3723738.3040: 000000007768d340 / 0x004d340: 4c != e9
3733738.3040: 000000007768d341 / 0x004d341: 8b != bb
3743738.3040: 000000007768d342 / 0x004d342: d1 != 2c
3753738.3040: 000000007768d343 / 0x004d343: b8 != 94
3763738.3040: 000000007768d344 / 0x004d344: 7e != 07
3773738.3040: Restored 0x2000 bytes of original file content at 000000007768c0ee
3783738.3040: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0xc88 cPatchCount=0
3793738.3040: supR3HardNtChildPurify: Startup delay kludge #1/1: 514 ms, 64 sleeps
3803738.3040: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3813738.3040: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
3823738.3040: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
3833738.3040: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
3843738.3040: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
3853738.3040: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
3863738.3040: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
3873738.3040: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
3883738.3040: 0000000000051000-fffffffffff41fff 0x0001/0x0000 0x0000000
3893738.3040: *0000000000160000-0000000000063fff 0x0000/0x0004 0x0020000
3903738.3040: 000000000025c000-0000000000258fff 0x0104/0x0004 0x0020000
3913738.3040: 000000000025f000-000000000025dfff 0x0004/0x0004 0x0020000
3923738.3040: 0000000000260000-ffffffff88e7ffff 0x0001/0x0000 0x0000000
3933738.3040: *0000000077640000-0000000077640fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3943738.3040: 0000000077641000-000000007773dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3953738.3040: 000000007773e000-000000007776cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3963738.3040: 000000007776d000-0000000077776fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3973738.3040: 0000000077777000-0000000077777fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3983738.3040: 0000000077778000-0000000077778fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3993738.3040: 0000000077779000-000000007777afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4003738.3040: 000000007777b000-00000000777e9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
4013738.3040: 00000000777ea000-000000006fff3fff 0x0001/0x0000 0x0000000
4023738.3040: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
4033738.3040: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
4043738.3040: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
4053738.3040: 000000007fff0000-ffffffffc0f2ffff 0x0001/0x0000 0x0000000
4063738.3040: *000000013f0b0000-000000013f0b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
4073738.3040: 000000013f0b1000-000000013f137fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
4083738.3040: 000000013f138000-000000013f138fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
4093738.3040: 000000013f139000-000000013f183fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
4103738.3040: 000000013f184000-000000013f190fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
4113738.3040: 000000013f191000-000000013f1dbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
4123738.3040: 000000013f1dc000-fffff8037ea57fff 0x0001/0x0000 0x0000000
4133738.3040: *000007feff960000-000007feff960fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
4143738.3040: 000007feff961000-000007fdff311fff 0x0001/0x0000 0x0000000
4153738.3040: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
4163738.3040: 000007fffffd3000-000007fffffcbfff 0x0001/0x0000 0x0000000
4173738.3040: *000007fffffda000-000007fffffd8fff 0x0004/0x0004 0x0020000
4183738.3040: 000007fffffdb000-000007fffffd7fff 0x0001/0x0000 0x0000000
4193738.3040: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
4203738.3040: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
4213738.3040: supR3HardNtChildPurify: Done after 1323 ms and 2 fixes (loop #1).
4223df0.42e8: Log file opened: 5.0.16r105871 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
4233df0.42e8: supR3HardenedVmProcessInit: uNtDllAddr=0000000077640000 g_uNtVerCombined=0x611db100
4243df0.42e8: ntdll.dll: timestamp 0x56a1cb4e (rc=VINF_SUCCESS)
4253738.3040: supR3HardNtEnableThreadCreation:
4263df0.42e8: New simple heap: #1 0000000000260000 LB 0x400000 (for 1744896 allocation)
4273df0.42e8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4283df0.42e8: System32: \Device\HarddiskVolume3\Windows\System32
4293df0.42e8: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
4303df0.42e8: KnownDllPath: C:\Windows\system32
4313df0.42e8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
4323df0.42e8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
4333df0.42e8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
4343df0.42e8: Registered Dll notification callback with NTDLL.
4353df0.42e8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
4363df0.42e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
4373df0.42e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
4383df0.42e8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4393df0.42e8: supR3HardenedDllNotificationCallback: load 0000000077420000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
4403df0.42e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4413df0.42e8: supR3HardenedDllNotificationCallback: load 000007fefd440000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
4423df0.42e8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
4433df0.42e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
4443df0.42e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077420000 'C:\Windows\system32\kernel32.dll'
4453df0.42e8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007766a0e0 pvNtTerminateThread=000000007768c060
4463738.3040: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 24 ms.
4473df0.42e8: \SystemRoot\System32\ntdll.dll:
4483df0.42e8: CreationTime: 2016-03-08T13:25:29.954654100Z
4493df0.42e8: LastWriteTime: 2016-01-22T06:30:15.875675000Z
4503df0.42e8: ChangeTime: 2016-03-08T13:58:26.681716400Z
4513df0.42e8: FileAttributes: 0x20
4523df0.42e8: Size: 0x1a71d8
4533df0.42e8: NT Headers: 0xe0
4543df0.42e8: Timestamp: 0x56a1cb4e
4553df0.42e8: Machine: 0x8664 - amd64
4563df0.42e8: Timestamp: 0x56a1cb4e
4573df0.42e8: Image Version: 6.1
4583df0.42e8: SizeOfImage: 0x1aa000 (1744896)
4593df0.42e8: Resource Dir: 0x14e000 LB 0x5a028
4603df0.42e8: ProductName: Microsoft® Windows® Operating System
4613df0.42e8: ProductVersion: 6.1.7601.23338
4623df0.42e8: FileVersion: 6.1.7601.23338 (win7sp1_ldr.160121-1716)
4633df0.42e8: FileDescription: NT Layer DLL
4643df0.42e8: \SystemRoot\System32\kernel32.dll:
4653df0.42e8: CreationTime: 2016-03-08T13:25:28.424566600Z
4663df0.42e8: LastWriteTime: 2016-01-22T06:28:09.279000000Z
4673df0.42e8: ChangeTime: 2016-03-08T13:58:26.782722200Z
4683df0.42e8: FileAttributes: 0x20
4693df0.42e8: Size: 0x11c400
4703df0.42e8: NT Headers: 0xe0
4713df0.42e8: Timestamp: 0x56a1cb25
4723df0.42e8: Machine: 0x8664 - amd64
4733df0.42e8: Timestamp: 0x56a1cb25
4743df0.42e8: Image Version: 6.1
4753df0.42e8: SizeOfImage: 0x11f000 (1175552)
4763df0.42e8: Resource Dir: 0x116000 LB 0x528
4773df0.42e8: ProductName: Microsoft® Windows® Operating System
4783df0.42e8: ProductVersion: 6.1.7601.23338
4793df0.42e8: FileVersion: 6.1.7601.23338 (win7sp1_ldr.160121-1716)
4803df0.42e8: FileDescription: Windows NT BASE API Client DLL
4813df0.42e8: \SystemRoot\System32\KernelBase.dll:
4823df0.42e8: CreationTime: 2016-03-08T13:25:28.237555900Z
4833df0.42e8: LastWriteTime: 2016-01-22T06:28:09.279000000Z
4843df0.42e8: ChangeTime: 2016-03-08T13:58:26.784722300Z
4853df0.42e8: FileAttributes: 0x20
4863df0.42e8: Size: 0x66800
4873df0.42e8: NT Headers: 0xe8
4883df0.42e8: Timestamp: 0x56a1cb26
4893df0.42e8: Machine: 0x8664 - amd64
4903df0.42e8: Timestamp: 0x56a1cb26
4913df0.42e8: Image Version: 6.1
4923df0.42e8: SizeOfImage: 0x6a000 (434176)
4933df0.42e8: Resource Dir: 0x68000 LB 0x530
4943df0.42e8: ProductName: Microsoft® Windows® Operating System
4953df0.42e8: ProductVersion: 6.1.7601.23338
4963df0.42e8: FileVersion: 6.1.7601.23338 (win7sp1_ldr.160121-1716)
4973df0.42e8: FileDescription: Windows NT BASE API Client DLL
4983df0.42e8: \SystemRoot\System32\apisetschema.dll:
4993df0.42e8: CreationTime: 2016-03-08T13:25:23.949310600Z
5003df0.42e8: LastWriteTime: 2016-01-22T06:17:43.259000000Z
5013df0.42e8: ChangeTime: 2016-03-08T13:58:26.674716000Z
5023df0.42e8: FileAttributes: 0x20
5033df0.42e8: Size: 0x1a00
5043df0.42e8: NT Headers: 0xc0
5053df0.42e8: Timestamp: 0x56a1c9c8
5063df0.42e8: Machine: 0x8664 - amd64
5073df0.42e8: Timestamp: 0x56a1c9c8
5083df0.42e8: Image Version: 6.1
5093df0.42e8: SizeOfImage: 0x50000 (327680)
5103df0.42e8: Resource Dir: 0x30000 LB 0x3f8
5113df0.42e8: ProductName: Microsoft® Windows® Operating System
5123df0.42e8: ProductVersion: 6.1.7601.23338
5133df0.42e8: FileVersion: 6.1.7601.23338 (win7sp1_ldr.160121-1716)
5143df0.42e8: FileDescription: ApiSet Schema DLL
5153df0.42e8: Found driver NisDrv (0x400)
5163df0.42e8: Found driver inspect (0x800)
5173df0.42e8: Found driver cmdHlp (0x800)
5183df0.42e8: supR3HardenedWinFindAdversaries: 0xc88
5193df0.42e8: \SystemRoot\System32\drivers\tmcomm.sys:
5203df0.42e8: CreationTime: 2015-09-19T13:59:55.638303700Z
5213df0.42e8: LastWriteTime: 2015-10-31T01:02:12.425283900Z
5223df0.42e8: ChangeTime: 2016-02-26T15:31:27.463281200Z
5233df0.42e8: FileAttributes: 0x20
5243df0.42e8: Size: 0x4b098
5253df0.42e8: NT Headers: 0xe8
5263df0.42e8: Timestamp: 0x5568186c
5273df0.42e8: Machine: 0x8664 - amd64
5283df0.42e8: Timestamp: 0x5568186c
5293df0.42e8: Image Version: 6.0
5303df0.42e8: SizeOfImage: 0x4f000 (323584)
5313df0.42e8: Resource Dir: 0x4d000 LB 0x760
5323df0.42e8: ProductName: Trend Micro Eyes
5333df0.42e8: ProductVersion: 6.50
5343df0.42e8: FileVersion: 6.50.0.1058
5353df0.42e8: SpecialBuild: 1058
5363df0.42e8: PrivateBuild: Build 1058 - 5/29/2015
5373df0.42e8: FileDescription: TrendMicro Common Module
5383df0.42e8: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
5393df0.42e8: CreationTime: 2015-10-11T15:21:21.883197800Z
5403df0.42e8: LastWriteTime: 2015-10-11T15:21:21.884197800Z
5413df0.42e8: ChangeTime: 2016-02-26T15:31:27.423278900Z
5423df0.42e8: FileAttributes: 0x20
5433df0.42e8: Size: 0x2eed8
5443df0.42e8: NT Headers: 0xe0
5453df0.42e8: Timestamp: 0x55b855d9
5463df0.42e8: Machine: 0x8664 - amd64
5473df0.42e8: Timestamp: 0x55b855d9
5483df0.42e8: Image Version: 6.1
5493df0.42e8: SizeOfImage: 0x33000 (208896)
5503df0.42e8: Resource Dir: 0x31000 LB 0x3b8
5513df0.42e8: ProductName: Malwarebytes Anti-Malware
5523df0.42e8: ProductVersion: 0.3.0.0
5533df0.42e8: FileVersion: 0.3.0.0
5543df0.42e8: FileDescription: Malwarebytes Anti-Malware
5553df0.42e8: \SystemRoot\System32\drivers\mbamchameleon.sys:
5563df0.42e8: CreationTime: 2015-10-11T15:17:02.592367200Z
5573df0.42e8: LastWriteTime: 2015-10-11T15:17:02.678372100Z
5583df0.42e8: ChangeTime: 2016-02-26T15:31:27.423278900Z
5593df0.42e8: FileAttributes: 0x20
5603df0.42e8: Size: 0x1aad8
5613df0.42e8: NT Headers: 0xd8
5623df0.42e8: Timestamp: 0x55c103c3
5633df0.42e8: Machine: 0x8664 - amd64
5643df0.42e8: Timestamp: 0x55c103c3
5653df0.42e8: Image Version: 6.1
5663df0.42e8: SizeOfImage: 0x1e000 (122880)
5673df0.42e8: Resource Dir: 0x1c000 LB 0xba8
5683df0.42e8: ProductName: Malwarebytes Chameleon
5693df0.42e8: ProductVersion: 1.1.21.0
5703df0.42e8: FileVersion: 1.1.21.0
5713df0.42e8: FileDescription: Malwarebytes Chameleon Protection Driver
5723df0.42e8: \SystemRoot\System32\drivers\MpFilter.sys:
5733df0.42e8: CreationTime: 2013-01-20T14:59:04.000000000Z
5743df0.42e8: LastWriteTime: 2013-01-20T14:59:04.000000000Z
5753df0.42e8: ChangeTime: 2016-02-26T15:31:32.804586700Z
5763df0.42e8: FileAttributes: 0x20
5773df0.42e8: Size: 0x383b0
5783df0.42e8: NT Headers: 0xe8
5793df0.42e8: Timestamp: 0x5091a97a
5803df0.42e8: Machine: 0x8664 - amd64
5813df0.42e8: Timestamp: 0x5091a97a
5823df0.42e8: Image Version: 6.2
5833df0.42e8: SizeOfImage: 0x38000 (229376)
5843df0.42e8: Resource Dir: 0x36000 LB 0x928
5853df0.42e8: ProductName: Microsoft Malware Protection
5863df0.42e8: ProductVersion: 4.2.0206.0
5873df0.42e8: FileVersion: 4.2.0206.0
5883df0.42e8: FileDescription: Microsoft antimalware file system filter driver
5893df0.42e8: \SystemRoot\System32\drivers\NisDrvWFP.sys:
5903df0.42e8: CreationTime: 2010-10-24T20:25:38.000000000Z
5913df0.42e8: LastWriteTime: 2013-01-20T14:59:04.000000000Z
5923df0.42e8: ChangeTime: 2016-02-26T15:31:32.816587300Z
5933df0.42e8: FileAttributes: 0x20
5943df0.42e8: Size: 0x1fbd8
5953df0.42e8: NT Headers: 0xe8
5963df0.42e8: Timestamp: 0x5091a992
5973df0.42e8: Machine: 0x8664 - amd64
5983df0.42e8: Timestamp: 0x5091a992
5993df0.42e8: Image Version: 6.2
6003df0.42e8: SizeOfImage: 0x21000 (135168)
6013df0.42e8: Resource Dir: 0x1e000 LB 0x1930
6023df0.42e8: ProductName: Microsoft Malware Protection
6033df0.42e8: ProductVersion: 4.2.0206.0
6043df0.42e8: FileVersion: 4.2.0206.0
6053df0.42e8: FileDescription: Microsoft Network Realtime Inspection Driver
6063df0.42e8: \SystemRoot\System32\drivers\cmdguard.sys:
6073df0.42e8: CreationTime: 2013-06-18T14:16:10.000000000Z
6083df0.42e8: LastWriteTime: 2015-08-05T00:31:21.096400000Z
6093df0.42e8: ChangeTime: 2016-02-26T15:31:27.385276700Z
6103df0.42e8: FileAttributes: 0x20
6113df0.42e8: Size: 0xc4c90
6123df0.42e8: NT Headers: 0xf0
6133df0.42e8: Timestamp: 0x55c148e6
6143df0.42e8: Machine: 0x8664 - amd64
6153df0.42e8: Timestamp: 0x55c148e6
6163df0.42e8: Image Version: 6.1
6173df0.42e8: SizeOfImage: 0xd2000 (860160)
6183df0.42e8: Resource Dir: 0xcf000 LB 0x3e8
6193df0.42e8: ProductName: COMODO Internet Security Sandbox Driver
6203df0.42e8: ProductVersion: 8, 2, 0, 4674
6213df0.42e8: FileVersion: 8, 2, 0, 4674 built by: WinDDK
6223df0.42e8: FileDescription: COMODO Internet Security Sandbox Driver
6233df0.42e8: \SystemRoot\System32\drivers\cmderd.sys:
6243df0.42e8: CreationTime: 2013-06-18T14:16:08.000000000Z
6253df0.42e8: LastWriteTime: 2015-08-05T00:31:18.085600000Z
6263df0.42e8: ChangeTime: 2016-02-26T15:31:27.385276700Z
6273df0.42e8: FileAttributes: 0x20
6283df0.42e8: Size: 0x52c0
6293df0.42e8: NT Headers: 0xe0
6303df0.42e8: Timestamp: 0x55c148b6
6313df0.42e8: Machine: 0x8664 - amd64
6323df0.42e8: Timestamp: 0x55c148b6
6333df0.42e8: Image Version: 6.1
6343df0.42e8: SizeOfImage: 0x9000 (36864)
6353df0.42e8: Resource Dir: 0x7000 LB 0x3f0
6363df0.42e8: ProductName: COMODO Internet Security Eradication Driver
6373df0.42e8: ProductVersion: 8, 2, 0, 4674
6383df0.42e8: FileVersion: 8, 2, 0, 4674 built by: WinDDK
6393df0.42e8: FileDescription: COMODO Internet Security Eradication Driver
6403df0.42e8: \SystemRoot\System32\drivers\inspect.sys:
6413df0.42e8: CreationTime: 2013-06-18T14:16:12.000000000Z
6423df0.42e8: LastWriteTime: 2015-08-05T00:31:27.118000000Z
6433df0.42e8: ChangeTime: 2016-02-26T15:31:27.419278600Z
6443df0.42e8: FileAttributes: 0x20
6453df0.42e8: Size: 0x19a88
6463df0.42e8: NT Headers: 0xe0
6473df0.42e8: Timestamp: 0x55c148be
6483df0.42e8: Machine: 0x8664 - amd64
6493df0.42e8: Timestamp: 0x55c148be
6503df0.42e8: Image Version: 6.1
6513df0.42e8: SizeOfImage: 0x1d000 (118784)
6523df0.42e8: Resource Dir: 0x1b000 LB 0x3e8
6533df0.42e8: ProductName: COMODO Internet Security Firewall Driver
6543df0.42e8: ProductVersion: 8, 2, 0, 4674
6553df0.42e8: FileVersion: 8, 2, 0, 4674 built by: WinDDK
6563df0.42e8: FileDescription: COMODO Internet Security Firewall Driver
6573df0.42e8: \SystemRoot\System32\drivers\cmdhlp.sys:
6583df0.42e8: CreationTime: 2013-06-18T14:16:10.000000000Z
6593df0.42e8: LastWriteTime: 2015-08-05T00:31:24.060400000Z
6603df0.42e8: ChangeTime: 2016-02-26T15:31:27.386276700Z
6613df0.42e8: FileAttributes: 0x20
6623df0.42e8: Size: 0xb320
6633df0.42e8: NT Headers: 0xe8
6643df0.42e8: Timestamp: 0x55c148c7
6653df0.42e8: Machine: 0x8664 - amd64
6663df0.42e8: Timestamp: 0x55c148c7
6673df0.42e8: Image Version: 6.1
6683df0.42e8: SizeOfImage: 0xd000 (53248)
6693df0.42e8: Resource Dir: 0xc000 LB 0x3e0
6703df0.42e8: ProductName: COMODO Internet Security Helper Driver
6713df0.42e8: ProductVersion: 8, 2, 0, 4674
6723df0.42e8: FileVersion: 8, 2, 0, 4674 built by: WinDDK
6733df0.42e8: FileDescription: COMODO Internet Security Helper Driver
6743df0.42e8: \SystemRoot\System32\guard64.dll:
6753df0.42e8: CreationTime: 2013-06-18T14:15:48.000000000Z
6763df0.42e8: LastWriteTime: 2015-09-03T11:52:00.103200000Z
6773df0.42e8: ChangeTime: 2016-02-26T15:30:54.406390400Z
6783df0.42e8: FileAttributes: 0x20
6793df0.42e8: Size: 0x8d750
6803df0.42e8: NT Headers: 0x118
6813df0.42e8: Timestamp: 0x55e818af
6823df0.42e8: Machine: 0x8664 - amd64
6833df0.42e8: Timestamp: 0x55e818af
6843df0.42e8: Image Version: 0.0
6853df0.42e8: SizeOfImage: 0x96000 (614400)
6863df0.42e8: Resource Dir: 0x93000 LB 0xd80
6873df0.42e8: ProductName: COMODO Internet Security
6883df0.42e8: ProductVersion: 8, 2, 0, 4703
6893df0.42e8: FileVersion: 8, 2, 0, 4703
6903df0.42e8: FileDescription: COMODO Internet Security
6913df0.42e8: \SystemRoot\System32\cmdvrt64.dll:
6923df0.42e8: CreationTime: 2013-06-18T14:15:40.000000000Z
6933df0.42e8: LastWriteTime: 2015-08-05T00:28:50.806000000Z
6943df0.42e8: ChangeTime: 2016-02-26T15:30:54.330386100Z
6953df0.42e8: FileAttributes: 0x20
6963df0.42e8: Size: 0x576c0
6973df0.42e8: NT Headers: 0x100
6983df0.42e8: Timestamp: 0x55c1491b
6993df0.42e8: Machine: 0x8664 - amd64
7003df0.42e8: Timestamp: 0x55c1491b
7013df0.42e8: Image Version: 0.0
7023df0.42e8: SizeOfImage: 0x5d000 (380928)
7033df0.42e8: Resource Dir: 0x5b000 LB 0x5ac
7043df0.42e8: ProductName: COMODO Internet Security
7053df0.42e8: ProductVersion: 8, 2, 0, 4674
7063df0.42e8: FileVersion: 8, 2, 0, 4674
7073df0.42e8: FileDescription: COMODO Internet Security
7083df0.42e8: \SystemRoot\System32\cmdkbd64.dll:
7093df0.42e8: CreationTime: 2013-06-18T14:15:40.000000000Z
7103df0.42e8: LastWriteTime: 2015-08-05T00:28:20.760400000Z
7113df0.42e8: ChangeTime: 2016-02-26T15:30:54.329386000Z
7123df0.42e8: FileAttributes: 0x20
7133df0.42e8: Size: 0xb2c0
7143df0.42e8: NT Headers: 0xe8
7153df0.42e8: Timestamp: 0x55c14914
7163df0.42e8: Machine: 0x8664 - amd64
7173df0.42e8: Timestamp: 0x55c14914
7183df0.42e8: Image Version: 0.0
7193df0.42e8: SizeOfImage: 0xf000 (61440)
7203df0.42e8: Resource Dir: 0xd000 LB 0x5ac
7213df0.42e8: ProductName: COMODO Internet Security
7223df0.42e8: ProductVersion: 8, 2, 0, 4674
7233df0.42e8: FileVersion: 8, 2, 0, 4674
7243df0.42e8: FileDescription: COMODO Internet Security
7253df0.42e8: \SystemRoot\System32\cmdcsr.dll:
7263df0.42e8: CreationTime: 2013-06-18T14:15:50.000000000Z
7273df0.42e8: LastWriteTime: 2015-08-05T00:29:56.903200000Z
7283df0.42e8: ChangeTime: 2016-02-26T15:30:54.329386000Z
7293df0.42e8: FileAttributes: 0x20
7303df0.42e8: Size: 0xa108
7313df0.42e8: NT Headers: 0xd8
7323df0.42e8: Timestamp: 0x55c14910
7333df0.42e8: Machine: 0x8664 - amd64
7343df0.42e8: Timestamp: 0x55c14910
7353df0.42e8: Image Version: 0.0
7363df0.42e8: SizeOfImage: 0xc000 (49152)
7373df0.42e8: Resource Dir: 0xa000 LB 0x4a8
7383df0.42e8: ProductName: COMODO Internet Security
7393df0.42e8: ProductVersion: 8, 2, 0, 4674
7403df0.42e8: FileVersion: 8, 2, 0, 4674
7413df0.42e8: FileDescription: COMODO Internet Security
7423df0.42e8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
7433df0.42e8: Calling main()
7443df0.42e8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
7453df0.42e8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
7463df0.42e8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
7473df0.42e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
7483df0.42e8: SUPR3HardenedMain: Respawn #2
7493df0.42e8: supR3HardNtEnableThreadCreation:
7503df0.42e8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll)
7513df0.42e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll
7523df0.42e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
7533df0.42e8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
7543df0.42e8: supR3HardenedDllNotificationCallback: load 000007fefd2a0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
7553df0.42e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
7563df0.42e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2a0000 'C:\Windows\system32\apphelp.dll'
7573df0.42e8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007766a0e0 pvNtTerminateThread=000000007768c060
7583df0.42e8: supR3HardenedWinDoReSpawn(2): New child 4398.3f34 [kernel32].
7593df0.42e8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd3000 cbPeb=0x380
7603df0.42e8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077640000 uNtDllChildAddr=0000000077640000
7613df0.42e8: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007766a0e0
7623df0.42e8: supR3HardenedWinSetupChildInit: Start child.
7633df0.42e8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
7643df0.42e8: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 64 sleeps
7653df0.42e8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
7663df0.42e8: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
7673df0.42e8: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
7683df0.42e8: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
7693df0.42e8: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
7703df0.42e8: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
7713df0.42e8: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
7723df0.42e8: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
7733df0.42e8: 0000000000051000-fffffffffffb1fff 0x0001/0x0000 0x0000000
7743df0.42e8: *00000000000f0000-ffffffffffff3fff 0x0000/0x0004 0x0020000
7753df0.42e8: 00000000001ec000-00000000001e8fff 0x0104/0x0004 0x0020000
7763df0.42e8: 00000000001ef000-00000000001edfff 0x0004/0x0004 0x0020000
7773df0.42e8: 00000000001f0000-ffffffff88d9ffff 0x0001/0x0000 0x0000000
7783df0.42e8: *0000000077640000-0000000077640fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7793df0.42e8: 0000000077641000-000000007773dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7803df0.42e8: 000000007773e000-000000007776cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7813df0.42e8: 000000007776d000-0000000077776fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7823df0.42e8: 0000000077777000-0000000077777fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7833df0.42e8: 0000000077778000-000000007777afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7843df0.42e8: 000000007777b000-00000000777e9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7853df0.42e8: 00000000777ea000-0000000070003fff 0x0001/0x0000 0x0000000
7863df0.42e8: *000000007efd0000-000000007efc1fff 0x0040/0x0040 0x0020000 !!
7873df0.42e8: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 000000007efd0000 (LB 0xe000, 000000007efd0000 LB 0xe000)
7883df0.42e8: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [000000007efd0000/000000007efd0000 LB 0/0xe000]
7893df0.42e8: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/000000007efd0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
7903df0.42e8: 000000007efde000-000000007efdbfff 0x0001/0x0000 0x0000000
7913df0.42e8: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
7923df0.42e8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
7933df0.42e8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
7943df0.42e8: 000000007fff0000-ffffffffc0f2ffff 0x0001/0x0000 0x0000000
7953df0.42e8: *000000013f0b0000-000000013f0b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
7963df0.42e8: 000000013f0b1000-000000013f137fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
7973df0.42e8: 000000013f138000-000000013f138fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
7983df0.42e8: 000000013f139000-000000013f183fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
7993df0.42e8: 000000013f184000-000000013f184fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8003df0.42e8: 000000013f185000-000000013f185fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8013df0.42e8: 000000013f186000-000000013f18afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8023df0.42e8: 000000013f18b000-000000013f18bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8033df0.42e8: 000000013f18c000-000000013f18cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8043df0.42e8: 000000013f18d000-000000013f190fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8053df0.42e8: 000000013f191000-000000013f1dbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8063df0.42e8: 000000013f1dc000-fffff8037ea57fff 0x0001/0x0000 0x0000000
8073df0.42e8: *000007feff960000-000007feff960fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
8083df0.42e8: 000007feff961000-000007fdff311fff 0x0001/0x0000 0x0000000
8093df0.42e8: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
8103df0.42e8: *000007fffffd3000-000007fffffd1fff 0x0004/0x0004 0x0020000
8113df0.42e8: 000007fffffd4000-000007fffffc9fff 0x0001/0x0000 0x0000000
8123df0.42e8: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
8133df0.42e8: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
8143df0.42e8: apisetschema.dll: timestamp 0x56a1c9c8 (rc=VINF_SUCCESS)
8153df0.42e8: VirtualBox.exe: timestamp 0x56d9b7eb (rc=VINF_SUCCESS)
8163df0.42e8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
8173df0.42e8: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports
8183df0.42e8: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
8193df0.42e8: ntdll.dll: Differences in section #1 (.text) between file and memory:
8203df0.42e8: 000000007768d340 / 0x004d340: 4c != e9
8213df0.42e8: 000000007768d341 / 0x004d341: 8b != bb
8223df0.42e8: 000000007768d342 / 0x004d342: d1 != 2c
8233df0.42e8: 000000007768d343 / 0x004d343: b8 != 94
8243df0.42e8: 000000007768d344 / 0x004d344: 7e != 07
8253df0.42e8: Restored 0x2000 bytes of original file content at 000000007768c0ee
8263df0.42e8: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0xc88 cPatchCount=0
8273df0.42e8: supR3HardNtChildPurify: Startup delay kludge #1/1: 513 ms, 64 sleeps
8283df0.42e8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
8293df0.42e8: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
8303df0.42e8: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
8313df0.42e8: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
8323df0.42e8: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
8333df0.42e8: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
8343df0.42e8: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
8353df0.42e8: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
8363df0.42e8: 0000000000051000-fffffffffffb1fff 0x0001/0x0000 0x0000000
8373df0.42e8: *00000000000f0000-ffffffffffff3fff 0x0000/0x0004 0x0020000
8383df0.42e8: 00000000001ec000-00000000001e8fff 0x0104/0x0004 0x0020000
8393df0.42e8: 00000000001ef000-00000000001edfff 0x0004/0x0004 0x0020000
8403df0.42e8: 00000000001f0000-ffffffff88d9ffff 0x0001/0x0000 0x0000000
8413df0.42e8: *0000000077640000-0000000077640fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
8423df0.42e8: 0000000077641000-000000007773dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
8433df0.42e8: 000000007773e000-000000007776cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
8443df0.42e8: 000000007776d000-0000000077776fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
8453df0.42e8: 0000000077777000-0000000077777fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
8463df0.42e8: 0000000077778000-0000000077778fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
8473df0.42e8: 0000000077779000-000000007777afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
8483df0.42e8: 000000007777b000-00000000777e9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
8493df0.42e8: 00000000777ea000-000000006fff3fff 0x0001/0x0000 0x0000000
8503df0.42e8: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
8513df0.42e8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
8523df0.42e8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
8533df0.42e8: 000000007fff0000-ffffffffc0f2ffff 0x0001/0x0000 0x0000000
8543df0.42e8: *000000013f0b0000-000000013f0b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8553df0.42e8: 000000013f0b1000-000000013f137fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8563df0.42e8: 000000013f138000-000000013f138fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8573df0.42e8: 000000013f139000-000000013f183fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8583df0.42e8: 000000013f184000-000000013f190fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8593df0.42e8: 000000013f191000-000000013f1dbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8603df0.42e8: 000000013f1dc000-fffff8037ea57fff 0x0001/0x0000 0x0000000
8613df0.42e8: *000007feff960000-000007feff960fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
8623df0.42e8: 000007feff961000-000007fdff311fff 0x0001/0x0000 0x0000000
8633df0.42e8: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
8643df0.42e8: *000007fffffd3000-000007fffffd1fff 0x0004/0x0004 0x0020000
8653df0.42e8: 000007fffffd4000-000007fffffc9fff 0x0001/0x0000 0x0000000
8663df0.42e8: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
8673df0.42e8: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
8683df0.42e8: supR3HardNtChildPurify: Done after 1325 ms and 2 fixes (loop #1).
8694398.3f34: Log file opened: 5.0.16r105871 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
8704398.3f34: supR3HardenedVmProcessInit: uNtDllAddr=0000000077640000 g_uNtVerCombined=0x611db100
8714398.3f34: ntdll.dll: timestamp 0x56a1cb4e (rc=VINF_SUCCESS)
8724398.3f34: New simple heap: #1 00000000002f0000 LB 0x400000 (for 1744896 allocation)
8733df0.42e8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000260000 LB 0x400000)
8743df0.42e8: supR3HardNtEnableThreadCreation:
8754398.3f34: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
8764398.3f34: System32: \Device\HarddiskVolume3\Windows\System32
8774398.3f34: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
8784398.3f34: KnownDllPath: C:\Windows\system32
8794398.3f34: supR3HardenedVmProcessInit: Opening vboxdrv...
8804398.3f34: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
8814398.3f34: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
8824398.3f34: Registered Dll notification callback with NTDLL.
8834398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
8844398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
8854398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
8864398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
8874398.3f34: supR3HardenedDllNotificationCallback: load 0000000077420000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
8884398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
8894398.3f34: supR3HardenedDllNotificationCallback: load 000007fefd440000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
8904398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
8914398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
8924398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077420000 'C:\Windows\system32\kernel32.dll'
8934398.3f34: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007766a0e0 pvNtTerminateThread=000000007768c060
8943df0.42e8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 40 ms.
8954398.3f34: \SystemRoot\System32\ntdll.dll:
8964398.3f34: CreationTime: 2016-03-08T13:25:29.954654100Z
8974398.3f34: LastWriteTime: 2016-01-22T06:30:15.875675000Z
8984398.3f34: ChangeTime: 2016-03-08T13:58:26.681716400Z
8994398.3f34: FileAttributes: 0x20
9004398.3f34: Size: 0x1a71d8
9014398.3f34: NT Headers: 0xe0
9024398.3f34: Timestamp: 0x56a1cb4e
9034398.3f34: Machine: 0x8664 - amd64
9044398.3f34: Timestamp: 0x56a1cb4e
9054398.3f34: Image Version: 6.1
9064398.3f34: SizeOfImage: 0x1aa000 (1744896)
9074398.3f34: Resource Dir: 0x14e000 LB 0x5a028
9084398.3f34: ProductName: Microsoft® Windows® Operating System
9094398.3f34: ProductVersion: 6.1.7601.23338
9104398.3f34: FileVersion: 6.1.7601.23338 (win7sp1_ldr.160121-1716)
9114398.3f34: FileDescription: NT Layer DLL
9124398.3f34: \SystemRoot\System32\kernel32.dll:
9134398.3f34: CreationTime: 2016-03-08T13:25:28.424566600Z
9144398.3f34: LastWriteTime: 2016-01-22T06:28:09.279000000Z
9154398.3f34: ChangeTime: 2016-03-08T13:58:26.782722200Z
9164398.3f34: FileAttributes: 0x20
9174398.3f34: Size: 0x11c400
9184398.3f34: NT Headers: 0xe0
9194398.3f34: Timestamp: 0x56a1cb25
9204398.3f34: Machine: 0x8664 - amd64
9214398.3f34: Timestamp: 0x56a1cb25
9224398.3f34: Image Version: 6.1
9234398.3f34: SizeOfImage: 0x11f000 (1175552)
9244398.3f34: Resource Dir: 0x116000 LB 0x528
9254398.3f34: ProductName: Microsoft® Windows® Operating System
9264398.3f34: ProductVersion: 6.1.7601.23338
9274398.3f34: FileVersion: 6.1.7601.23338 (win7sp1_ldr.160121-1716)
9284398.3f34: FileDescription: Windows NT BASE API Client DLL
9294398.3f34: \SystemRoot\System32\KernelBase.dll:
9304398.3f34: CreationTime: 2016-03-08T13:25:28.237555900Z
9314398.3f34: LastWriteTime: 2016-01-22T06:28:09.279000000Z
9324398.3f34: ChangeTime: 2016-03-08T13:58:26.784722300Z
9334398.3f34: FileAttributes: 0x20
9344398.3f34: Size: 0x66800
9354398.3f34: NT Headers: 0xe8
9364398.3f34: Timestamp: 0x56a1cb26
9374398.3f34: Machine: 0x8664 - amd64
9384398.3f34: Timestamp: 0x56a1cb26
9394398.3f34: Image Version: 6.1
9404398.3f34: SizeOfImage: 0x6a000 (434176)
9414398.3f34: Resource Dir: 0x68000 LB 0x530
9424398.3f34: ProductName: Microsoft® Windows® Operating System
9434398.3f34: ProductVersion: 6.1.7601.23338
9444398.3f34: FileVersion: 6.1.7601.23338 (win7sp1_ldr.160121-1716)
9454398.3f34: FileDescription: Windows NT BASE API Client DLL
9464398.3f34: \SystemRoot\System32\apisetschema.dll:
9474398.3f34: CreationTime: 2016-03-08T13:25:23.949310600Z
9484398.3f34: LastWriteTime: 2016-01-22T06:17:43.259000000Z
9494398.3f34: ChangeTime: 2016-03-08T13:58:26.674716000Z
9504398.3f34: FileAttributes: 0x20
9514398.3f34: Size: 0x1a00
9524398.3f34: NT Headers: 0xc0
9534398.3f34: Timestamp: 0x56a1c9c8
9544398.3f34: Machine: 0x8664 - amd64
9554398.3f34: Timestamp: 0x56a1c9c8
9564398.3f34: Image Version: 6.1
9574398.3f34: SizeOfImage: 0x50000 (327680)
9584398.3f34: Resource Dir: 0x30000 LB 0x3f8
9594398.3f34: ProductName: Microsoft® Windows® Operating System
9604398.3f34: ProductVersion: 6.1.7601.23338
9614398.3f34: FileVersion: 6.1.7601.23338 (win7sp1_ldr.160121-1716)
9624398.3f34: FileDescription: ApiSet Schema DLL
9634398.3f34: Found driver NisDrv (0x400)
9644398.3f34: Found driver inspect (0x800)
9654398.3f34: Found driver cmdHlp (0x800)
9664398.3f34: supR3HardenedWinFindAdversaries: 0xc88
9674398.3f34: \SystemRoot\System32\drivers\tmcomm.sys:
9684398.3f34: CreationTime: 2015-09-19T13:59:55.638303700Z
9694398.3f34: LastWriteTime: 2015-10-31T01:02:12.425283900Z
9704398.3f34: ChangeTime: 2016-02-26T15:31:27.463281200Z
9714398.3f34: FileAttributes: 0x20
9724398.3f34: Size: 0x4b098
9734398.3f34: NT Headers: 0xe8
9744398.3f34: Timestamp: 0x5568186c
9754398.3f34: Machine: 0x8664 - amd64
9764398.3f34: Timestamp: 0x5568186c
9774398.3f34: Image Version: 6.0
9784398.3f34: SizeOfImage: 0x4f000 (323584)
9794398.3f34: Resource Dir: 0x4d000 LB 0x760
9804398.3f34: ProductName: Trend Micro Eyes
9814398.3f34: ProductVersion: 6.50
9824398.3f34: FileVersion: 6.50.0.1058
9834398.3f34: SpecialBuild: 1058
9844398.3f34: PrivateBuild: Build 1058 - 5/29/2015
9854398.3f34: FileDescription: TrendMicro Common Module
9864398.3f34: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
9874398.3f34: CreationTime: 2015-10-11T15:21:21.883197800Z
9884398.3f34: LastWriteTime: 2015-10-11T15:21:21.884197800Z
9894398.3f34: ChangeTime: 2016-02-26T15:31:27.423278900Z
9904398.3f34: FileAttributes: 0x20
9914398.3f34: Size: 0x2eed8
9924398.3f34: NT Headers: 0xe0
9934398.3f34: Timestamp: 0x55b855d9
9944398.3f34: Machine: 0x8664 - amd64
9954398.3f34: Timestamp: 0x55b855d9
9964398.3f34: Image Version: 6.1
9974398.3f34: SizeOfImage: 0x33000 (208896)
9984398.3f34: Resource Dir: 0x31000 LB 0x3b8
9994398.3f34: ProductName: Malwarebytes Anti-Malware
10004398.3f34: ProductVersion: 0.3.0.0
10014398.3f34: FileVersion: 0.3.0.0
10024398.3f34: FileDescription: Malwarebytes Anti-Malware
10034398.3f34: \SystemRoot\System32\drivers\mbamchameleon.sys:
10044398.3f34: CreationTime: 2015-10-11T15:17:02.592367200Z
10054398.3f34: LastWriteTime: 2015-10-11T15:17:02.678372100Z
10064398.3f34: ChangeTime: 2016-02-26T15:31:27.423278900Z
10074398.3f34: FileAttributes: 0x20
10084398.3f34: Size: 0x1aad8
10094398.3f34: NT Headers: 0xd8
10104398.3f34: Timestamp: 0x55c103c3
10114398.3f34: Machine: 0x8664 - amd64
10124398.3f34: Timestamp: 0x55c103c3
10134398.3f34: Image Version: 6.1
10144398.3f34: SizeOfImage: 0x1e000 (122880)
10154398.3f34: Resource Dir: 0x1c000 LB 0xba8
10164398.3f34: ProductName: Malwarebytes Chameleon
10174398.3f34: ProductVersion: 1.1.21.0
10184398.3f34: FileVersion: 1.1.21.0
10194398.3f34: FileDescription: Malwarebytes Chameleon Protection Driver
10204398.3f34: \SystemRoot\System32\drivers\MpFilter.sys:
10214398.3f34: CreationTime: 2013-01-20T14:59:04.000000000Z
10224398.3f34: LastWriteTime: 2013-01-20T14:59:04.000000000Z
10234398.3f34: ChangeTime: 2016-02-26T15:31:32.804586700Z
10244398.3f34: FileAttributes: 0x20
10254398.3f34: Size: 0x383b0
10264398.3f34: NT Headers: 0xe8
10274398.3f34: Timestamp: 0x5091a97a
10284398.3f34: Machine: 0x8664 - amd64
10294398.3f34: Timestamp: 0x5091a97a
10304398.3f34: Image Version: 6.2
10314398.3f34: SizeOfImage: 0x38000 (229376)
10324398.3f34: Resource Dir: 0x36000 LB 0x928
10334398.3f34: ProductName: Microsoft Malware Protection
10344398.3f34: ProductVersion: 4.2.0206.0
10354398.3f34: FileVersion: 4.2.0206.0
10364398.3f34: FileDescription: Microsoft antimalware file system filter driver
10374398.3f34: \SystemRoot\System32\drivers\NisDrvWFP.sys:
10384398.3f34: CreationTime: 2010-10-24T20:25:38.000000000Z
10394398.3f34: LastWriteTime: 2013-01-20T14:59:04.000000000Z
10404398.3f34: ChangeTime: 2016-02-26T15:31:32.816587300Z
10414398.3f34: FileAttributes: 0x20
10424398.3f34: Size: 0x1fbd8
10434398.3f34: NT Headers: 0xe8
10444398.3f34: Timestamp: 0x5091a992
10454398.3f34: Machine: 0x8664 - amd64
10464398.3f34: Timestamp: 0x5091a992
10474398.3f34: Image Version: 6.2
10484398.3f34: SizeOfImage: 0x21000 (135168)
10494398.3f34: Resource Dir: 0x1e000 LB 0x1930
10504398.3f34: ProductName: Microsoft Malware Protection
10514398.3f34: ProductVersion: 4.2.0206.0
10524398.3f34: FileVersion: 4.2.0206.0
10534398.3f34: FileDescription: Microsoft Network Realtime Inspection Driver
10544398.3f34: \SystemRoot\System32\drivers\cmdguard.sys:
10554398.3f34: CreationTime: 2013-06-18T14:16:10.000000000Z
10564398.3f34: LastWriteTime: 2015-08-05T00:31:21.096400000Z
10574398.3f34: ChangeTime: 2016-02-26T15:31:27.385276700Z
10584398.3f34: FileAttributes: 0x20
10594398.3f34: Size: 0xc4c90
10604398.3f34: NT Headers: 0xf0
10614398.3f34: Timestamp: 0x55c148e6
10624398.3f34: Machine: 0x8664 - amd64
10634398.3f34: Timestamp: 0x55c148e6
10644398.3f34: Image Version: 6.1
10654398.3f34: SizeOfImage: 0xd2000 (860160)
10664398.3f34: Resource Dir: 0xcf000 LB 0x3e8
10674398.3f34: ProductName: COMODO Internet Security Sandbox Driver
10684398.3f34: ProductVersion: 8, 2, 0, 4674
10694398.3f34: FileVersion: 8, 2, 0, 4674 built by: WinDDK
10704398.3f34: FileDescription: COMODO Internet Security Sandbox Driver
10714398.3f34: \SystemRoot\System32\drivers\cmderd.sys:
10724398.3f34: CreationTime: 2013-06-18T14:16:08.000000000Z
10734398.3f34: LastWriteTime: 2015-08-05T00:31:18.085600000Z
10744398.3f34: ChangeTime: 2016-02-26T15:31:27.385276700Z
10754398.3f34: FileAttributes: 0x20
10764398.3f34: Size: 0x52c0
10774398.3f34: NT Headers: 0xe0
10784398.3f34: Timestamp: 0x55c148b6
10794398.3f34: Machine: 0x8664 - amd64
10804398.3f34: Timestamp: 0x55c148b6
10814398.3f34: Image Version: 6.1
10824398.3f34: SizeOfImage: 0x9000 (36864)
10834398.3f34: Resource Dir: 0x7000 LB 0x3f0
10844398.3f34: ProductName: COMODO Internet Security Eradication Driver
10854398.3f34: ProductVersion: 8, 2, 0, 4674
10864398.3f34: FileVersion: 8, 2, 0, 4674 built by: WinDDK
10874398.3f34: FileDescription: COMODO Internet Security Eradication Driver
10884398.3f34: \SystemRoot\System32\drivers\inspect.sys:
10894398.3f34: CreationTime: 2013-06-18T14:16:12.000000000Z
10904398.3f34: LastWriteTime: 2015-08-05T00:31:27.118000000Z
10914398.3f34: ChangeTime: 2016-02-26T15:31:27.419278600Z
10924398.3f34: FileAttributes: 0x20
10934398.3f34: Size: 0x19a88
10944398.3f34: NT Headers: 0xe0
10954398.3f34: Timestamp: 0x55c148be
10964398.3f34: Machine: 0x8664 - amd64
10974398.3f34: Timestamp: 0x55c148be
10984398.3f34: Image Version: 6.1
10994398.3f34: SizeOfImage: 0x1d000 (118784)
11004398.3f34: Resource Dir: 0x1b000 LB 0x3e8
11014398.3f34: ProductName: COMODO Internet Security Firewall Driver
11024398.3f34: ProductVersion: 8, 2, 0, 4674
11034398.3f34: FileVersion: 8, 2, 0, 4674 built by: WinDDK
11044398.3f34: FileDescription: COMODO Internet Security Firewall Driver
11054398.3f34: \SystemRoot\System32\drivers\cmdhlp.sys:
11064398.3f34: CreationTime: 2013-06-18T14:16:10.000000000Z
11074398.3f34: LastWriteTime: 2015-08-05T00:31:24.060400000Z
11084398.3f34: ChangeTime: 2016-02-26T15:31:27.386276700Z
11094398.3f34: FileAttributes: 0x20
11104398.3f34: Size: 0xb320
11114398.3f34: NT Headers: 0xe8
11124398.3f34: Timestamp: 0x55c148c7
11134398.3f34: Machine: 0x8664 - amd64
11144398.3f34: Timestamp: 0x55c148c7
11154398.3f34: Image Version: 6.1
11164398.3f34: SizeOfImage: 0xd000 (53248)
11174398.3f34: Resource Dir: 0xc000 LB 0x3e0
11184398.3f34: ProductName: COMODO Internet Security Helper Driver
11194398.3f34: ProductVersion: 8, 2, 0, 4674
11204398.3f34: FileVersion: 8, 2, 0, 4674 built by: WinDDK
11214398.3f34: FileDescription: COMODO Internet Security Helper Driver
11224398.3f34: \SystemRoot\System32\guard64.dll:
11234398.3f34: CreationTime: 2013-06-18T14:15:48.000000000Z
11244398.3f34: LastWriteTime: 2015-09-03T11:52:00.103200000Z
11254398.3f34: ChangeTime: 2016-02-26T15:30:54.406390400Z
11264398.3f34: FileAttributes: 0x20
11274398.3f34: Size: 0x8d750
11284398.3f34: NT Headers: 0x118
11294398.3f34: Timestamp: 0x55e818af
11304398.3f34: Machine: 0x8664 - amd64
11314398.3f34: Timestamp: 0x55e818af
11324398.3f34: Image Version: 0.0
11334398.3f34: SizeOfImage: 0x96000 (614400)
11344398.3f34: Resource Dir: 0x93000 LB 0xd80
11354398.3f34: ProductName: COMODO Internet Security
11364398.3f34: ProductVersion: 8, 2, 0, 4703
11374398.3f34: FileVersion: 8, 2, 0, 4703
11384398.3f34: FileDescription: COMODO Internet Security
11394398.3f34: \SystemRoot\System32\cmdvrt64.dll:
11404398.3f34: CreationTime: 2013-06-18T14:15:40.000000000Z
11414398.3f34: LastWriteTime: 2015-08-05T00:28:50.806000000Z
11424398.3f34: ChangeTime: 2016-02-26T15:30:54.330386100Z
11434398.3f34: FileAttributes: 0x20
11444398.3f34: Size: 0x576c0
11454398.3f34: NT Headers: 0x100
11464398.3f34: Timestamp: 0x55c1491b
11474398.3f34: Machine: 0x8664 - amd64
11484398.3f34: Timestamp: 0x55c1491b
11494398.3f34: Image Version: 0.0
11504398.3f34: SizeOfImage: 0x5d000 (380928)
11514398.3f34: Resource Dir: 0x5b000 LB 0x5ac
11524398.3f34: ProductName: COMODO Internet Security
11534398.3f34: ProductVersion: 8, 2, 0, 4674
11544398.3f34: FileVersion: 8, 2, 0, 4674
11554398.3f34: FileDescription: COMODO Internet Security
11564398.3f34: \SystemRoot\System32\cmdkbd64.dll:
11574398.3f34: CreationTime: 2013-06-18T14:15:40.000000000Z
11584398.3f34: LastWriteTime: 2015-08-05T00:28:20.760400000Z
11594398.3f34: ChangeTime: 2016-02-26T15:30:54.329386000Z
11604398.3f34: FileAttributes: 0x20
11614398.3f34: Size: 0xb2c0
11624398.3f34: NT Headers: 0xe8
11634398.3f34: Timestamp: 0x55c14914
11644398.3f34: Machine: 0x8664 - amd64
11654398.3f34: Timestamp: 0x55c14914
11664398.3f34: Image Version: 0.0
11674398.3f34: SizeOfImage: 0xf000 (61440)
11684398.3f34: Resource Dir: 0xd000 LB 0x5ac
11694398.3f34: ProductName: COMODO Internet Security
11704398.3f34: ProductVersion: 8, 2, 0, 4674
11714398.3f34: FileVersion: 8, 2, 0, 4674
11724398.3f34: FileDescription: COMODO Internet Security
11734398.3f34: \SystemRoot\System32\cmdcsr.dll:
11744398.3f34: CreationTime: 2013-06-18T14:15:50.000000000Z
11754398.3f34: LastWriteTime: 2015-08-05T00:29:56.903200000Z
11764398.3f34: ChangeTime: 2016-02-26T15:30:54.329386000Z
11774398.3f34: FileAttributes: 0x20
11784398.3f34: Size: 0xa108
11794398.3f34: NT Headers: 0xd8
11804398.3f34: Timestamp: 0x55c14910
11814398.3f34: Machine: 0x8664 - amd64
11824398.3f34: Timestamp: 0x55c14910
11834398.3f34: Image Version: 0.0
11844398.3f34: SizeOfImage: 0xc000 (49152)
11854398.3f34: Resource Dir: 0xa000 LB 0x4a8
11864398.3f34: ProductName: COMODO Internet Security
11874398.3f34: ProductVersion: 8, 2, 0, 4674
11884398.3f34: FileVersion: 8, 2, 0, 4674
11894398.3f34: FileDescription: COMODO Internet Security
11904398.3f34: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
11914398.3f34: Calling main()
11924398.3f34: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
11934398.3f34: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
11944398.3f34: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
11954398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
11964398.3f34: SUPR3HardenedMain: Final process, opening VBoxDrv...
11974398.3f34: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002f0000 LB 0x400000)
11984398.3f34: supR3HardNtEnableThreadCreation:
11994398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
12004398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
12014398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=E:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eb181:<flags> [calling]
12024398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
12034398.3f34: supR3HardenedDllNotificationCallback: load 000007fefaf50000 LB 0x00005000 E:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
12044398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
12054398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
12064398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=E:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e8901:<flags> [calling]
12074398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf50000 'E:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
12084398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
12094398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=E:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e8901:<flags> [calling]
12104398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf50000 'E:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
12114398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf50000 'E:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
12124398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12134398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
12144398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
12154398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
12164398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
12174398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
12184398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12194398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12204398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
12214398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
12224398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
12234398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
12244398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
12254398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
12264398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
12274398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
12284398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12294398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
12304398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
12314398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
12324398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12334398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12344398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
12354398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
12364398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
12374398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
12384398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
12394398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12404398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12414398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12424398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ecf91:<flags> [calling]
12434398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12444398.3f34: supR3HardenedDllNotificationCallback: load 000007fefd500000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
12454398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12464398.3f34: supR3HardenedDllNotificationCallback: load 000007fefdb70000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
12474398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12484398.3f34: supR3HardenedDllNotificationCallback: load 000007fefd560000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
12494398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12504398.3f34: supR3HardenedDllNotificationCallback: load 000007fefd3c0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
12514398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
12524398.3f34: supR3HardenedDllNotificationCallback: load 000007fefda30000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
12534398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12544398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd500000 'C:\Windows\system32\Wintrust.dll'
12554398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
12564398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
12574398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ecf91:<flags> [calling]
12584398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
12594398.3f34: supR3HardenedDllNotificationCallback: load 000007fefcc80000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
12604398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
12614398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc80000 'C:\Windows\system32\bcrypt.dll'
12624398.3f34: bcrypt.dll loaded at 000007fefcc80000, BCryptOpenAlgorithmProvider at 000007fefcc82640, preloading providers:
12634398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
12644398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
12654398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
12664398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
12674398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
12684398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
12694398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
12704398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12714398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12724398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12734398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
12744398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
12754398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
12764398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12774398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12784398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12794398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12804398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12814398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12824398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ecf81:<flags> [calling]
12834398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
12844398.3f34: supR3HardenedDllNotificationCallback: load 000007fefc720000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
12854398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
12864398.3f34: supR3HardenedDllNotificationCallback: load 000007fefeee0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
12874398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
12884398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
12894398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
12904398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
12914398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
12924398.3f34: supR3HardenedDllNotificationCallback: load 000007feff930000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
12934398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
12944398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc720000 'C:\Windows\system32\bcryptprimitives.dll'
12954398.3f34: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000007ddce0)
12964398.3f34: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000007dfba0)
12974398.3f34: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000007dfcc0)
12984398.3f34: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000007dfed0)
12994398.3f34: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000007dfff0)
13004398.3f34: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000007e0110)
13014398.3f34: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000007e0350)
13024398.3f34: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000007e0470)
13034398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
13044398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
13054398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13064398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13074398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13084398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13094398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13104398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13114398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ecae1:<flags> [calling]
13124398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
13134398.3f34: supR3HardenedDllNotificationCallback: load 000007fefcb30000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
13144398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
13154398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb30000 'C:\Windows\system32\CRYPTSP.dll'
13164398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13174398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
13184398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
13194398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13204398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13214398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13224398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eca71:<flags> [calling]
13234398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13244398.3f34: supR3HardenedDllNotificationCallback: load 000007fefc830000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
13254398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13264398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc830000 'C:\Windows\system32\rsaenh.dll'
13274398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
13284398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec301:<flags> [calling]
13294398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeee0000 'C:\Windows\system32\ADVAPI32.dll'
13304398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
13314398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
13324398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec681:<flags> [calling]
13334398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
13344398.3f34: supR3HardenedDllNotificationCallback: load 000007fefd1f0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
13354398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
13364398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1f0000 'C:\Windows\system32\CRYPTBASE.dll'
13374398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
13384398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec0b1:<flags> [calling]
13394398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077420000 'C:\Windows\system32\kernel32.dll'
13404398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
13414398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eca41:<flags> [calling]
13424398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd500000 'C:\Windows\system32\WINTRUST.DLL'
13434398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
13444398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001ec871:<flags> [calling]
13454398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd560000 'C:\Windows\system32\CRYPT32.dll'
13464398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13474398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
13484398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
13494398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
13504398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13514398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13524398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
13534398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13544398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13554398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13564398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec8c1:<flags> [calling]
13574398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
13584398.3f34: supR3HardenedDllNotificationCallback: load 000007fefedb0000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
13594398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
13604398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefedb0000 'C:\Windows\system32\imagehlp.dll'
13614398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
13624398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eca11:<flags> [calling]
13634398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb30000 'C:\Windows\system32\CRYPTSP.dll'
13644398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
13654398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
13664398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
13674398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13684398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13694398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
13704398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
13714398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
13724398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
13734398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
13744398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume3\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
13754398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
13764398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
13774398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
13784398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\lpk.dll)
13794398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\lpk.dll
13804398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13814398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13824398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
13834398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
13844398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume3\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
13854398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13864398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
13874398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
13884398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\usp10.dll)
13894398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\usp10.dll
13904398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13914398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13924398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
13934398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13944398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13954398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13964398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13974398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13984398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13994398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14004398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14014398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14024398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14034398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14044398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14054398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec541:<flags> [calling]
14064398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14074398.3f34: supR3HardenedDllNotificationCallback: load 0000000077540000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
14084398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14094398.3f34: supR3HardenedDllNotificationCallback: load 000007fefdc10000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
14104398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14114398.3f34: supR3HardenedDllNotificationCallback: load 000007fefdb60000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
14124398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\lpk.dll [lacks WinVerifyTrust]
14134398.3f34: supR3HardenedDllNotificationCallback: load 000007fefec80000 LB 0x000ca000 C:\Windows\system32\USP10.dll [fFlags=0x0]
14144398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\usp10.dll [lacks WinVerifyTrust]
14154398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14164398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eba41:<flags> [calling]
14174398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc10000 'C:\Windows\system32\gdi32.dll'
14184398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
14194398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
14204398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
14214398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
14224398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
14234398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
14244398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume3\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
14254398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14264398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
14274398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
14284398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
14294398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
14304398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
14314398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14324398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14334398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14344398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14354398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14364398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14374398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
14384398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
14394398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
14404398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14414398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14424398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14434398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14444398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14454398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14464398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14474398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14484398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14494398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eb381:<flags> [calling]
14504398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
14514398.3f34: supR3HardenedDllNotificationCallback: load 000007fefee30000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
14524398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
14534398.3f34: supR3HardenedDllNotificationCallback: load 000007fefdc80000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
14544398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msctf.dll [lacks WinVerifyTrust]
14554398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee30000 'C:\Windows\system32\IMM32.DLL'
14564398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077540000 'C:\Windows\system32\USER32.dll'
14574398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
14584398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
14594398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
14604398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ncrypt.dll)
14614398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ncrypt.dll
14624398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
14634398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
14644398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
14654398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14664398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14674398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14684398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
14694398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
14704398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
14714398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec841:<flags> [calling]
14724398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
14734398.3f34: supR3HardenedDllNotificationCallback: load 000007fefccb0000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
14744398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
14754398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefccb0000 'C:\Windows\system32\ncrypt.dll'
14764398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
14774398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec631:<flags> [calling]
14784398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc80000 'C:\Windows\system32\bcrypt.dll'
14794398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14804398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
14814398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
14824398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\userenv.dll)
14834398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
14844398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
14854398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
14864398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14874398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
14884398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
14894398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14904398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14914398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
14924398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14934398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14944398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14954398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14964398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14974398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14984398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ebff1:<flags> [calling]
14994398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [lacks WinVerifyTrust]
15004398.3f34: supR3HardenedDllNotificationCallback: load 000007fefd420000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
15014398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [lacks WinVerifyTrust]
15024398.3f34: supR3HardenedDllNotificationCallback: load 000007fefd3d0000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
15034398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
15044398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd420000 'C:\Windows\system32\USERENV.dll'
15054398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ebd51:<flags> [calling]
15064398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff930000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
15074398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ec0e1:<flags> [calling]
15084398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff930000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
15094398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15104398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
15114398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
15124398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
15134398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15144398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15154398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
15164398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15174398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15184398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
15194398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec311:<flags> [calling]
15204398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
15214398.3f34: supR3HardenedDllNotificationCallback: load 000007fefc560000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
15224398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
15234398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc560000 'C:\Windows\system32\GPAPI.dll'
15244398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ec261:<flags> [calling]
15254398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff930000 'API-MS-WIN-Service-Management-L1-1-0.dll'
15264398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
15274398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eb961:<flags> [calling]
15284398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda30000 'C:\Windows\system32\rpcrt4.dll'
15294398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ec241:<flags> [calling]
15304398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff930000 'API-MS-WIN-Service-Management-L2-1-0.dll'
15314398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ec251:<flags> [calling]
15324398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff930000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
15334398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15344398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
15354398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
15364398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
15374398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
15384398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
15394398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
15404398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
15414398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15424398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\Wldap32.dll)
15434398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Wldap32.dll
15444398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
15454398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
15464398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
15474398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15484398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15494398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
15504398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15514398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15524398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
15534398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15544398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15554398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
15564398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ebd31:<flags> [calling]
15574398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15584398.3f34: supR3HardenedDllNotificationCallback: load 000007fefbe30000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
15594398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15604398.3f34: supR3HardenedDllNotificationCallback: load 000007fefed50000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
15614398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
15624398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15634398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001eaf61:<flags> [calling]
15644398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe30000 'C:\Windows\system32\cryptnet.dll'
15654398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15664398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001eaf61:<flags> [calling]
15674398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe30000 'C:\Windows\system32\cryptnet.dll'
15684398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15694398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001eaf61:<flags> [calling]
15704398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe30000 'C:\Windows\system32\cryptnet.dll'
15714398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15724398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001eaf61:<flags> [calling]
15734398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe30000 'C:\Windows\system32\cryptnet.dll'
15744398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15754398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001eaf61:<flags> [calling]
15764398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe30000 'C:\Windows\system32\cryptnet.dll'
15774398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15784398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001eaf61:<flags> [calling]
15794398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe30000 'C:\Windows\system32\cryptnet.dll'
15804398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15814398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe30000 'C:\Windows\system32\cryptnet.dll'
15824398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15834398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe30000 'C:\Windows\system32\cryptnet.dll'
15844398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15854398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe30000 'C:\Windows\system32\cryptnet.dll'
15864398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15874398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe30000 'C:\Windows\system32\cryptnet.dll'
15884398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15894398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe30000 'C:\Windows\system32\cryptnet.dll'
15904398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe30000 'C:\Windows\system32\cryptnet.dll'
15914398.3f34: \Device\HarddiskVolume3\Windows\System32\certsentry.dll: Owner is administrators group.
15924398.3f34: supHardenedWinVerifyImageByHandle: -> -23021 (\Device\HarddiskVolume3\Windows\System32\certsentry.dll)
15934398.3f34: Error (rc=0):
15944398.3f34: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Windows\System32\certsentry.dll: None of the 1 path(s) have a trust anchor.: \Device\HarddiskVolume3\Windows\System32\certsentry.dll
15954398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\certsentry.dll
15964398.3f34: Error (rc=0):
15974398.3f34: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\certsentry.dll': rcNt=0xc0000190
15984398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\certsentry.dll'
15994398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16004398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe30000 'C:\Windows\system32\cryptnet.dll'
16014398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001eb6a1:<flags> [calling]
16024398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff930000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
16034398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
16044398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eb6a1:<flags> [calling]
16054398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3d0000 'C:\Windows\system32\profapi.dll'
16064398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
16074398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
16084398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
16094398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
16104398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
16114398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16124398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16134398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
16144398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16154398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16164398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
16174398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16184398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16194398.3f34: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
16204398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eb141:<flags> [calling]
16214398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
16224398.3f34: supR3HardenedDllNotificationCallback: load 000007fefee60000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
16234398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
16244398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'C:\Windows\system32\SHLWAPI.dll'
16254398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
16264398.3f34: Error (rc=0):
16274398.3f34: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume3\Windows\System32\certsentry.dll
16284398.3f34: Error (rc=0):
16294398.3f34: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\certsentry.dll': rcNt=0xc0000190
16304398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\certsentry.dll'
16314398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
16324398.3f34: Error (rc=0):
16334398.3f34: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume3\Windows\System32\certsentry.dll
16344398.3f34: Error (rc=0):
16354398.3f34: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\certsentry.dll': rcNt=0xc0000190
16364398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\certsentry.dll'
16374398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
16384398.3f34: Error (rc=0):
16394398.3f34: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume3\Windows\System32\certsentry.dll
16404398.3f34: Error (rc=0):
16414398.3f34: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\certsentry.dll': rcNt=0xc0000190
16424398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\certsentry.dll'
16434398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
16444398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000866ce0
16454398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
16464398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2918C93F10286B13277A3032C051E5F80F48D246
16474398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ec001:<flags> [calling]
16484398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff930000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
16494398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ebb61:<flags> [calling]
16504398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff930000 'API-MS-WIN-Service-Management-L1-1-0.dll'
16514398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ebb61:<flags> [calling]
16524398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff930000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
16534398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
16544398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec001:<flags> [calling]
16554398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeee0000 'C:\Windows\system32\ADVAPI32.dll'
16564398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ebfb1:<flags> [calling]
16574398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff930000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
16584398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ebca1:<flags> [calling]
16594398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff930000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
16604398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
16614398.3f34: Error (rc=0):
16624398.3f34: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume3\Windows\System32\certsentry.dll
16634398.3f34: Error (rc=0):
16644398.3f34: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\certsentry.dll': rcNt=0xc0000190
16654398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\certsentry.dll'
16664398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
16674398.3f34: Error (rc=0):
16684398.3f34: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume3\Windows\System32\certsentry.dll
16694398.3f34: Error (rc=0):
16704398.3f34: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\certsentry.dll': rcNt=0xc0000190
16714398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\certsentry.dll'
16724398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_88_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
16734398.3f34: g_pfnWinVerifyTrust=000007fefd501010
16744398.3f34: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
16754398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume3\Windows\System32\crypt32.dll
16764398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
16774398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
16784398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFD41401EDEBD4D914977D62B588ECABEE60CFD3
16794398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
16804398.3f34: Error (rc=0):
16814398.3f34: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=6 \Device\HarddiskVolume3\Windows\System32\certsentry.dll
16824398.3f34: Error (rc=0):
16834398.3f34: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\certsentry.dll': rcNt=0xc0000190
16844398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\certsentry.dll'
16854398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
16864398.3f34: Error (rc=0):
16874398.3f34: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=7 \Device\HarddiskVolume3\Windows\System32\certsentry.dll
16884398.3f34: Error (rc=0):
16894398.3f34: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\certsentry.dll': rcNt=0xc0000190
16904398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\certsentry.dll'
16914398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
16924398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16934398.3f34: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
16944398.3f34: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
16954398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume3\Windows\System32\wintrust.dll
16964398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
16974398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
16984398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1BBE4EB6D114F50142F24E2E2749EFD81021486
16994398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
17004398.3f34: Error (rc=0):
17014398.3f34: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8 \Device\HarddiskVolume3\Windows\System32\certsentry.dll
17024398.3f34: Error (rc=0):
17034398.3f34: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\certsentry.dll': rcNt=0xc0000190
17044398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\certsentry.dll'
17054398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
17064398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
17074398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17084398.3f34: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
17094398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000039c pwszName=\Device\HarddiskVolume3\Windows\System32\shlwapi.dll
17104398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
17114398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
17124398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
17134398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
17144398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
17154398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
17164398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17174398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
17184398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume3\Windows\System32\Wldap32.dll
17194398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
17204398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
17214398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
17224398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
17234398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
17244398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\Wldap32.dll'
17254398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17264398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\Wldap32.dll'
17274398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
17284398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
17294398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
17304398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=756DC088EE40CF9369C990D71B200F3CB59FC35D
17314398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
17324398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
17334398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
17344398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17354398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
17364398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000260 pwszName=\Device\HarddiskVolume3\Windows\System32\gpapi.dll
17374398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
17384398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
17394398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
17404398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
17414398.3f34: Error (rc=0):
17424398.3f34: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume3\Windows\System32\certsentry.dll
17434398.3f34: Error (rc=0):
17444398.3f34: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\certsentry.dll': rcNt=0xc0000190
17454398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\certsentry.dll'
17464398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
17474398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
17484398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17494398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
17504398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001cc pwszName=\Device\HarddiskVolume3\Windows\System32\profapi.dll
17514398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
17524398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
17534398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
17544398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
17554398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
17564398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\profapi.dll'
17574398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17584398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
17594398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume3\Windows\System32\userenv.dll
17604398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
17614398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
17624398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
17634398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
17644398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
17654398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\userenv.dll'
17664398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17674398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll'
17684398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b4 pwszName=\Device\HarddiskVolume3\Windows\System32\ncrypt.dll
17694398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
17704398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
17714398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3F19824F7F30CF82E1D73E5C33E74F9E6FEF7881
17724398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
17734398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
17744398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_88_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\ncrypt.dll'
17754398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17764398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ncrypt.dll'
17774398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume3\Windows\System32\msctf.dll
17784398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
17794398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
17804398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
17814398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
17824398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
17834398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\msctf.dll'
17844398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17854398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
17864398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume3\Windows\System32\imm32.dll
17874398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
17884398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
17894398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
17904398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
17914398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
17924398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\imm32.dll'
17934398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17944398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
17954398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume3\Windows\System32\usp10.dll
17964398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
17974398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
17984398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31498ABFB06219E83141E0AA8B2A55C4CECFD033
17994398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18004398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18014398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3108670~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\usp10.dll'
18024398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18034398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\usp10.dll'
18044398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume3\Windows\System32\lpk.dll
18054398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
18064398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
18074398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FDBA63132AE4F561C5CFC5478222E40A2DAA2ACC
18084398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18094398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18104398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume3\Windows\System32\lpk.dll'
18114398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18124398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\lpk.dll'
18134398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume3\Windows\System32\gdi32.dll
18144398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
18154398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
18164398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E200CE23C0ADD95195EBA5616D50363CEA00DB25
18174398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18184398.3f34: Error (rc=0):
18194398.3f34: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=32 \Device\HarddiskVolume3\Windows\System32\certsentry.dll
18204398.3f34: Error (rc=0):
18214398.3f34: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\certsentry.dll': rcNt=0xc0000190
18224398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\certsentry.dll'
18234398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18244398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3124001~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
18254398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18264398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
18274398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume3\Windows\System32\user32.dll
18284398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
18294398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
18304398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=94AFB7B548C6C2376C6AEE4ECE2FA09C90F5FD4B
18314398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18324398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18334398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB3109094~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\user32.dll'
18344398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18354398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
18364398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume3\Windows\System32\imagehlp.dll
18374398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
18384398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
18394398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
18404398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18414398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18424398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
18434398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18444398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
18454398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000134 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptbase.dll
18464398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
18474398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
18484398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4D684EDFF8293D6E176C2B6CCCE865A055DDA963
18494398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18504398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18514398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_88_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
18524398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18534398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
18544398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18554398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18564398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
18574398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptsp.dll
18584398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
18594398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
18604398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
18614398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18624398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18634398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
18644398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18654398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
18664398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume3\Windows\System32\sechost.dll
18674398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
18684398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
18694398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
18704398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18714398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18724398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\sechost.dll'
18734398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18744398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
18754398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume3\Windows\System32\advapi32.dll
18764398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
18774398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
18784398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=17C92CAB93A0B0D1FA71CB9A06116B8E73655509
18794398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18804398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18814398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_151_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
18824398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18834398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
18844398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18854398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18864398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
18874398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume3\Windows\System32\bcrypt.dll
18884398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
18894398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
18904398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
18914398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18924398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
18934398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
18944398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18954398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
18964398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume3\Windows\System32\msvcrt.dll
18974398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
18984398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
18994398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
19004398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
19014398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
19024398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
19034398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19044398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
19054398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume3\Windows\System32\msasn1.dll
19064398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
19074398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
19084398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
19094398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
19104398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
19114398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
19124398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19134398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
19144398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
19154398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
19164398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
19174398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F99748BFE223EB055422F8D406CE31E04A33D19D
19184398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
19194398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
19204398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_88_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
19214398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19224398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
19234398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
19244398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
19254398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
19264398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume3\Windows\System32\KernelBase.dll
19274398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
19284398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
19294398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6E77D5B633EF968BC32207546A5F5F8AFBD9CD44
19304398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
19314398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
19324398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_88_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
19334398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19344398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
19354398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume3\Windows\System32\kernel32.dll
19364398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
19374398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
19384398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9538958E13AE062B45872A505055AA0DDF6DD3E4
19394398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
19404398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
19414398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_88_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
19424398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19434398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
19444398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
19454398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ebab1:<flags> [calling]
19464398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd560000 'C:\Windows\system32\crypt32.dll'
19474398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
19484398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xca2de669f55ba200 C=US, O=Symantec Corporation, CN=Symantec Root 2005 CA
19494398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
19504398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
19514398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x269fbf81695fe300 O=Michel Kraemer, L=Giessen, ST=Hessen, C=DE
19524398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x8320646638f9fea1 C=US, CN=Quest
19534398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
19544398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x987869d3679da00 CN=ClockworkMod
19554398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xc8b975663120f272 CN=USB\VID_18A5&PID_022A (libwdi autogenerated)
19564398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
19574398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x3423e6c7a208b400 O=Symantec Corporation, CN=Symantec Root CA
19584398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x6e819cb1a8bf26f1 O=Qustodio, Email=support@qustodio.com, L=Barcelona, ST=Barcelona , C=ES, CN=Qustodio
19594398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
19604398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
19614398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
19624398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xe0249b57ec7fbc00 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication EV RootCA1
19634398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xee325335cd8dba00 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2007
19644398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x4a25c87eb933b700 C=RO, O=certSIGN, OU=certSIGN ROOT CA
19654398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x3703c8da1585b000 C=FI, ST=Finland, O=Vaestorekisterikeskus CA, OU=Certification Authority Services, OU=Varmennepalvelut, CN=VRK Gov. Root CA
19664398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x8b062bb556fcc300 C=FR, O=Certeurope, OU=0002 434202180, CN=Certeurope Root CA 2
19674398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x977025a7d23db100 C=UY, O=ADMINISTRACION NACIONAL DE CORREOS, OU=SERVICIOS ELECTRONICOS, CN=Correo Uruguayo - Root CA
19684398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x15941d5f68b5c600 CN=ComSign Secured CA, O=ComSign, C=IL
19694398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
19704398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x75a2ccecb8259a00 C=TW, O=Government Root Certification Authority
19714398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x3c0043239a65bd00 C=FR, O=Certplus, CN=Class 3TS Primary CA
19724398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
19734398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
19744398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xa5c88c0a3eb7ab00 CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı, C=TR, L=Ankara, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007
19754398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x4701de45a311b800 C=NL, O=Digidentity B.V., CN=Digidentity L3 Root CA - G2
19764398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x91e3728b8b40d000 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
19774398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x49dccfc3945cd200 C=GB, O=Trustis Limited, OU=Trustis EVS Root CA
19784398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xeb7a1ac4eef2cd00 C=HU, L=Budapest, O=NetLock Kft., OU=Tanúsítványkiadók (Certification Services), CN=NetLock Platina (Class Platinum) Főtanúsítvány
19794398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x788c2b5ac673bf00 C=CN, O=CFCA GT CA
19804398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x8fe279bdb46fee00 C=US, O=Wells Fargo WellsSecure, OU=Wells Fargo Bank NA, CN=WellsSecure Public Root Certificate Authority
19814398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x57ea572f1df7c400 C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root EV CA 2
19824398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xe0c6a3a05515a600 C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA
19834398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x1f3f10cd6b5dd700 C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT
19844398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xc7d32b6954e4f000 CN=ComSign CA, O=ComSign, C=IL
19854398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
19864398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x760668e19592ff00 CN=ACEDICOM Root, OU=PKI, O=EDICOM, C=ES
19874398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xe8493f8d937dad00 C=TR, O=Elektronik Bilgi Guvenligi A.S., CN=E-GUVEN Kok Elektronik Sertifika Hizmet Saglayicisi S2
19884398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x50bb81640c01cb00 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
19894398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xaafa7abb99ab000 O=Cisco Systems, CN=Cisco Root CA 2048
19904398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
19914398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
19924398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x5eb09e2012c300 C=TR, O=Elektronik Bilgi Guvenligi A.S., CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
19934398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xb798ed29328b700 CN=Autoridad de Certificacion Raiz del Estado Venezolano, C=VE, L=Caracas, ST=Distrito Capital, O=Sistema Nacional de Certificacion Electronica, OU=Superintendencia de Servicios de Certificacion Electronica, Email=acraiz@suscerte.gob.ve
19944398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x38b3b5303d1acd00 C=GR, O=Athens Exchange S.A., CN=ATHEX Root CA
19954398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xe35016950adaa500 C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA
19964398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
19974398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x72b9f9f128f2be00 C=DE, O=DATEV eG, CN=CA DATEV BT 01
19984398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
19994398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x41fe5fa9df12c400 C=US, O=AffirmTrust, CN=AffirmTrust Premium
20004398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x266e9b638ffac00 C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1
20014398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xafc0be88bdf2a800 DC=rs, DC=posta, DC=ca, CN=Configuration, CN=Services, CN=Public Key Services, CN=AIA, CN=Posta CA Root
20024398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
20034398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
20044398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xd94cd06e3094b700 C=FR, O=Certplus, CN=Class 3 Primary CA
20054398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xf08242cb8436b500 C=CZ, CN=I.CA - Qualified Certification Authority, 09/2009, O=První certifikační autorita, a.s., OU=I.CA - Accredited Provider of Certification Services
20064398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
20074398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
20084398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
20094398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
20104398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x39889aa748eabf00 C=ES, ST=Barcelona, L=Barcelona (see current address at https://www.anf.es/address/), O=ANF Autoridad de Certificación, OU=ANF Clase 1 CA?
20114398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x48cc53a3896bab00 C=CO, O=Sociedad Cameral de Certificación Digital - Certicámara S.A., CN=AC Raíz Certicámara S.A.
20124398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xd71519e43fd5ba00 C=CA, ST=Ontario, L=Toronto, O=Echoworx Corporation, OU=Certification Services, CN=Echoworx Root CA2
20134398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xade42733bd8d9700 C=us, O=U.S. Government, OU=FBCA, CN=Common Policy
20144398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x1c29714b0c909400 C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA1
20154398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
20164398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x4bc5e0ecc020c800 C=EE, O=AS Sertifitseerimiskeskus, CN=EE Certification Centre Root CA, Email=pki@sk.ee
20174398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xca22f040a77fb200 C=LU, O=LuxTrust s.a., CN=LuxTrust Global Root
20184398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xe0b0c3006b04c400 C=LV, OU=Sertifikacijas pakalpojumu dala, CN=E-ME SSI (RCA)
20194398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x22c0bfed122ca900 C=CH, O=The Federal Authorities of the Swiss Confederation, OU=Services, OU=Certification Authorities, CN=Swiss Government Root CA II
20204398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xd38f027573ffd300 CN=TÜRKTRUST Elektronik İşlem Hizmetleri, C=TR, L=Ankara, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005
20214398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x292d67d00f91f000 C=ES, O=Agencia Notarial de Certificacion S.L. Unipersonal - CIF B83395988, CN=ANCERT Certificados Notariales
20224398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xa8a0b90e1e0a8700 C=IN, O=India PKI, CN=CCA India 2011
20234398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xea33d3c14ab5d900 C=DE, ST=Baden-Wuerttemberg (BW), L=Stuttgart, O=Deutscher Sparkassen Verlag GmbH, CN=S-TRUST Authentication and Encryption Root CA 2005:PN
20244398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
20254398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
20264398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x6e864c7a8071ba00 C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM
20274398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x923c3ab73579a1d0 C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC
20284398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xbab415bd1e249800 C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority
20294398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
20304398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x4c4391c37e36a900 CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı, C=TR, L=Ankara, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005
20314398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x8c3756f8425c300 C=US, O=Wells Fargo WellsSecure, OU=Wells Fargo Bank NA, CN=WellsSecure Public Root Certification Authority 01 G2
20324398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x20a3c30cad008000 C=ES, O=DIRECCION GENERAL DE LA POLICIA, OU=DNIE, CN=AC RAIZ DNIE
20334398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
20344398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xf7c33b7ebfec9b00 C=SI, O=POSTA, OU=POSTArCA
20354398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
20364398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xab7df2a48539b200 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Client Authentication and Email
20374398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xb3d6d6c9f168c800 C=FR, O=Dhimyotis, CN=Certigna
20384398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
20394398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xfbf8ea8e6b96ca00 C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
20404398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xeb1d2a732928b200 CN=ComSign Global Root CA, O=ComSign Ltd., C=IL
20414398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
20424398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xf44cbb0f8c74bc00 C=HU, ST=Hungary, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado
20434398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x67db7cef8732e500 C=DE, O=DATEV eG, CN=CA DATEV STD 02
20444398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x6a4c39c4152dd100 C=CZ, CN=I.CA - Standard root certificate, O=Prvni certifikacni autorita a.s.
20454398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xbf168afe877852f1 C=US, O=thawte, Inc., OU=(c) 2007 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G2
20464398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xdf103d404d3cef00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 2
20474398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x40e7dd0ea446ba00 C=BR, O=ICP-Brasil, OU=Instituto Nacional de Tecnologia da Informacao - ITI, CN=Autoridade Certificadora Raiz Brasileira v2
20484398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
20494398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x177a8452aab3d500 C=BE, O=Certipost s.a./n.v., CN=Certipost E-Trust Primary Normalised CA
20504398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x449f1b13efa09400 C=CH, O=SwissSign AG, CN=SwissSign Platinum Root CA - G3
20514398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x862f01f4720ec800 C=CH, O=The Federal Authorities of the Swiss Confederation, OU=Services, OU=Certification Authorities, CN=Swiss Government Root CA I
20524398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xda5f1cc8fc5ca000 C=CZ, O=Česká pošta, s.p. [IČ 47114983], CN=PostSignum Root QCA 2
20534398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xdff6d845073c8b00 C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 CA 1
20544398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x2f371157ab2ac600 C=ES, O=Generalitat Valenciana, OU=PKIGVA, CN=Root CA Generalitat Valenciana
20554398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xd41691e475fb8515 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
20564398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xada18517b3fdc600 C=FR, O=KEYNECTIS, OU=ROOT, CN=KEYNECTIS ROOT CA
20574398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x3178d37f87f1c400 C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
20584398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
20594398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x87b3c722f299c800 C=LT, O=VI Registru Centras - I.k. 124110246, OU=Registru Centro Sertifikavimo Centras, CN=VI Registru Centras RCSC (RootCA)
20604398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x2fba703484f19900 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009
20614398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x68dbf810c635b900 C=JP, O=LGPKI, OU=Application CA G2
20624398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x94b9196cd23ff000 C=DE, O=DATEV eG, CN=CA DATEV INT 02
20634398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x974a61bfaba99b00 CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES
20644398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x4ef92ac43a0cd500 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
20654398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
20664398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x52273f34861cc300 C=IT, L=Milano, O=Actalis S.p.A./03358520967, CN=Actalis Authentication CA G1
20674398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xebbf1d700c008a00 C=US, O=Verizon Business, OU=OmniRoot, CN=Verizon Global Root CA
20684398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x94fb3f125608a800 C=CZ, CN=I.CA - Standard Certification Authority, 09/2009, O=První certifikační autorita, a.s., OU=I.CA - Provider of Certification Services
20694398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x5a341635fb75d800 C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA
20704398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
20714398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x236696801e5e9900 C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA3
20724398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xef62113787ebace5 C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2
20734398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x7c71e6059b87be00 C=CH, O=SwissSign AG, CN=SwissSign Silver Root CA - G3
20744398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
20754398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x6a3ad06184a0ee00 CN=EBG Elektronik Sertifika Hizmet Sağlayıcısı, O=EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., C=TR
20764398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xad77733ff735d300 C=CN, O=CNNIC, CN=CNNIC ROOT
20774398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xdaad63f38ff8e900 C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009, Email=info@e-szigno.hu
20784398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
20794398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
20804398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
20814398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x3b756388ea46ee60 C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 1 Public Primary Certification Authority - G4
20824398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xbe8f77488550e400 C=AU, O=GOV, OU=DoD, OU=PKI, OU=CAs, CN=ADOCA02
20834398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x7d2686ca075db300 C=CN, O=UniTrust, CN=UCA Root
20844398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x5784013b5c9c9d00 CN=ComSign Advanced Security CA
20854398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x5c39bb51bbe0b400 C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 3 CA, CN=TC TrustCenter Class 3 CA II
20864398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x80932303749f217 C=SI, O=Halcom, CN=Halcom CA PO 2
20874398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x8b7607cf260bd500 C=si, O=state-institutions, OU=sigov-ca
20884398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x8f874e74e06da700 C=JP, O=Japanese Government, OU=ApplicationCA
20894398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x23f085ee57b2b400 C=ES, O=Consejo General de la Abogacia NIF:Q-2863006I, CN=Autoridad de Certificacion de la Abogacia
20904398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x831827e970529d00 C=ES, O=Agencia Notarial de Certificacion S.L.U. - CIF B83395988, CN=ANCERT Certificados CGN V2
20914398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x5534b165029017e7 C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
20924398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x7052e7f4a064c100 H?
20934398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xd80363d60552ca00 CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı, C=TR, L=ANKARA, O=(c) 2005 TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş.
20944398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x802b3770cb00af00 C=EU, L=Madrid (see current address at www.camerfirma.com/address)
20954398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xe6519d844e429500 C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 2
20964398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xc9b005046ffea100 C=KR, O=Government of Korea, OU=GPKI, CN=GPKIRootCA1
20974398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
20984398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xff91db7d3f31b300 CN=TÜRKTRUST Elektronik İşlem Hizmetleri, C=TR, L=ANKARA, O=(c) 2005 TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş.
20994398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xa09adb78d220ae00 C=BE, O=Certipost s.a./n.v., CN=Certipost E-Trust Primary Qualified CA
21004398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
21014398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
21024398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xc66d30927ebce400 C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
21034398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xce3493bee81cce00 C=BR, O=ICP-Brasil, OU=Instituto Nacional de Tecnologia da Informacao - ITI, CN=Autoridade Certificadora Raiz Brasileira v1
21044398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xa16e1e56de57af00 C=US, O=VISA, OU=Visa International Service Association, CN=Visa eCommerce Root
21054398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x2a6a1dc6b9e6b200 C=ES, O=Agencia Notarial de Certificacion S.L.U. - CIF B83395988, CN=ANCERT Certificados Notariales V2
21064398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x185da5e55536b700 C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root
21074398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xd919515ec7f4b500 C=TR, O=Elektronik Bilgi Guvenligi A.S., CN=E-GUVEN Kok Elektronik Sertifika Hizmet Saglayicisi S3
21084398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca999312534d200 C=CH, O=admin, OU=Services, OU=Certification Authorities, CN=AdminCA-CD-T01
21094398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x25debfb1cdcddc00 CN=AC1 RAIZ MTIN
21104398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xaec72ec8296bc300 C=FR, O=Certplus, CN=Class 1 Primary CA
21114398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xa4031c19392e9f0e OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign
21124398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x88db8dee0f25e100 C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority
21134398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xfaccd3ef7cba514a C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 2 Public Primary Certification Authority - G4
21144398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xf274f0a48808ab00 C=CZ, CN=I.CA - Qualified root certificate, O=První certifikační autorita, a.s.
21154398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
21164398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
21174398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xdb2cd5c20d0aaf00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2 Public Primary Certification Authority - G3
21184398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x6429d974d78ea400 C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 CA 1
21194398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x33c562d0d11fb200 C=FR, ST=France, L=Paris, O=PM/SGDN, OU=DCSSI, CN=IGC/A, Email=igca@sgdn.pm.gouv.fr
21204398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
21214398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x665014bdbcc8f800 O=Cybertrust, Inc, CN=Cybertrust Global Root
21224398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
21234398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xbbd90ca8b0b9d000 C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 1
21244398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x5536e4a191fbb300 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Network Applications
21254398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
21264398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x5153f7daa1499900 C=DK, O=TRUST2408, CN=TRUST2408 OCES Primary CA
21274398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x19c084be4feaba00 C=LT, O=Skaitmeninio sertifikavimo centras, OU=Certification Authority, CN=SSC Root CA A
21284398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x92d01fe10011c900 C=US, O=VISA, OU=Visa International Service Association, CN=Visa Information Delivery Root CA
21294398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x3eaa756fe759c500 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2
21304398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x363d9b00b34fcb00 C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA
21314398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
21324398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xc672382f6ee021a1 C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Public Primary Certification Authority - G4
21334398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xa8aca89ee6edc000 C=SE, O=Inera AB, CN=SITHS Root CA v1
21344398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xf8dae202a2dfca00 C=CH, O=SwissSign AG, CN=SwissSign Platinum CA - G2
21354398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x7637cbb5cf9ce200 C=SG, O=Netrust Certificate Authority 1, OU=Netrust CA1
21364398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2262f09375bd00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3
21374398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x75f4feca85b98900 C=SI, O=Halcom, CN=Halcom Root CA
21384398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xfe74e9a1fda3c000 C=DE, O=DATEV eG, CN=CA DATEV INT 01
21394398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x99a96449d739c700 C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 1 Public Primary Certification Authority - G6
21404398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
21414398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x783bbdee737e9b00 C=CN, O=China Internet Network Information Center, CN=China Internet Network Information Center EV Certificates Root
21424398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
21434398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x615eae439978de00 C=US, ST=MN, L=Minneapolis, O=Open Access Technology International Inc, CN=OATI WebCARES Root CA
21444398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x9b3ae4d356dfc000 C=EU, L=Madrid (see current address at www.camerfirma.com/address)
21454398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x69785d02da6eb500 C=ES, O=IZENPE S.A. - CIF A-01337260-RMerc.Vitoria-Gasteiz T1055 F62 S8, L=Avda del Mediterraneo Etorbidea 3 - 01010 Vitoria-Gasteiz, CN=Izenpe.com, Email=Info@izenpe.com
21464398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xf8491584e4cdb300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 2 CA 2007
21474398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xd407c1f75ec7d700 C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA
21484398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xea8e67100ecbb300 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 G3
21494398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
21504398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xfe3e3d933619ad3f C=ES, O=FNMT, OU=FNMT Clase 2 CA
21514398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xe05fe608c95b000 C=IL, O=PersonalID Ltd., OU=Certificate Services, CN=PersonalID Trustworthy RootCA 2011
21524398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xa321f027ebbec200 O=TeliaSonera, CN=TeliaSonera Root CA v1
21534398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xcfd21c88249eb300 C=AT, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU=A-Trust-Qual-03, CN=A-Trust-Qual-03
21544398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x8563c805e9cccd00 C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 2 Public Primary Certification Authority - G6
21554398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xd607333e36718100 Email=pki@sk.ee, C=EE, O=AS Sertifitseerimiskeskus, CN=Juur-SK
21564398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xdc94c92cf53db900 C=US, O=Digital Signature Trust, OU=DST ACES, CN=DST ACES CA X6
21574398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x4e5147f555f3c100 C=LT, O=Skaitmeninio sertifikavimo centras, OU=Certification Authority, CN=SSC Root CA B
21584398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x64acc0b265e5b000 C=si, O=state-institutions, OU=sigen-ca
21594398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
21604398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x5901ca5aa77fd00 C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11
21614398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xd0353b9e7b50c500 C=GB, O=Trustis Limited, OU=Trustis FPS Root CA
21624398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
21634398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x556cacd82e35af00 C=US, O=SecureTrust Corporation, CN=Secure Global CA
21644398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x99f15213ef3bc100 CN=Autoridad de Certificacion Raiz del Estado Venezolano, C=VE, L=Caracas, ST=Distrito Capital, O=Sistema Nacional de Certificacion Electronica, OU=Superintendencia de Servicios de Certificacion Electronica, Email=acraiz@suscerte.gob.ve
21654398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xe4dba5da41bbe600 C=DE, O=DATEV eG, CN=CA DATEV BT 02
21664398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
21674398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xa9c86e43a2efdb00 C=PT, O=SCEE, CN=ECRaizEstado
21684398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xf0ca9d354a179000 C=FI, O=Sonera, CN=Sonera Class2 CA
21694398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xf23ec9c15254b300 C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2
21704398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
21714398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
21724398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x7052e7f4a064c100 L=Alvaro Obregon, ST=Distrito Federal, C=MX?
21734398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xe8985fec4712d200 C=AT, L=Vienna, ST=Austria, O=ARGE DATEN - Austrian Society for Data Protection, OU=GLOBALTRUST Certification Service, CN=GLOBALTRUST, Email=info@globaltrust.info
21744398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xae429fd0a270a200 C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root
21754398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
21764398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
21774398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xac1e0fca7ad3c900 C=ES, O=IZENPE S.A., CN=Izenpe.com
21784398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xafe3d3869f859d00 C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Autorité Racine
21794398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x3b2a6f973b859500 CN=Atos TrustedRoot 2011, O=Atos, C=DE
21804398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
21814398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xfd887dc131f69200 C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig
21824398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x6b2e1733cc84b400 C=US, O=AffirmTrust, CN=AffirmTrust Networking
21834398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x4297e24fc722b300 C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC
21844398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
21854398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x9abc4dfab20eb700 C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Public Primary Certification Authority - G6
21864398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xfe221444afe0cb00 C=ch, O=admin, OU=Services, OU=Certification Authorities, CN=Admin-Root-CA
21874398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xdd80d271558fb700 O=RSA Security Inc, OU=RSA Security 2048 V3
21884398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
21894398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xa9cc8cfa2245a100 C=LT, O=Skaitmeninio sertifikavimo centras, OU=Certification Authority, CN=SSC Root CA C
21904398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
21914398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xcd7b81d500c8ed00 C=HU, L=Budapest, O=Microsec Ltd., OU=e-Szigno CA, CN=Microsec e-Szigno Root CA
21924398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
21934398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x419b60ebff37ab00 C=FR, O=Certplus, CN=Class 3P Primary CA
21944398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xb8ce920e1b50ac00 C=ES, O=Colegio de Registradores de la Propiedad y Mercantiles de España, OU=Certificado Propio, CN=Registradores de España - CA Raíz
21954398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x665f55ebd06ce27b C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1
21964398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xa7f9b4b9d484dd00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3
21974398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xe69c54164257cc00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3
21984398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
21994398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e98e1050bea000 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 1 G3
22004398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x3a8810ff4b6d8a00 C=TR, L=Gebze - Kocaeli, O=Türkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK, OU=Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü - UEKAE, OU=Kamu Sertifikasyon Merkezi, CN=TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
22014398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x9830119f287caa00 C=FR, O=ANSSI, OU=0002 130007669, CN=IGC/A AC racine Etat francais
22024398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x7f2bd4d15bd9c500 C=SE, O=Carelink, CN=SITHS CA v3
22034398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xfa20c4eccee39700 C=DE, O=DATEV eG, CN=CA DATEV STD 01
22044398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
22054398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xd5f715744f1cca00 C=SE, O=Swedish Social Insurance Agency, CN=Swedish Government Root Authority v1
22064398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xcaac0c3f3f759000 C=ES, O=Agencia Notarial de Certificacion S.L. Unipersonal - CIF B83395988, CN=ANCERT Certificados CGN
22074398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x817a1151b5d29800 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA
22084398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xeb8adc879521a200 C=ES, O=Agencia Notarial de Certificacion S.L. Unipersonal - CIF B83395988, CN=ANCERT Corporaciones de Derecho Publico
22094398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xf63f5006e5b3da00 C=CN, O=UniTrust, CN=UCA Global Root
22104398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x9d5a65c89fe8c300 C=CH, O=SwissSign AG, CN=SwissSign Gold Root CA - G3
22114398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
22124398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x2f5561fdf9b89b00 C=LV, O=VAS Latvijas Pasts - Vien.reg.Nr.40003052790, OU=Sertifikacijas pakalpojumi, CN=VAS Latvijas Pasts SSI(RCA)
22134398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
22144398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xa674f2b1f89b500 C=FI, O=Sonera, CN=Sonera Class1 CA
22154398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x5dcc74a787f8b600 C=MO, O=Macao Post, CN=Macao Post eSignTrust Root Certification Authority (G02)
22164398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x6d4bbe735e24c400 C=HU, L=Budapest, O=NetLock Kft., OU=Tanúsítványkiadók (Certification Services), CN=NetLock Arany (Class Gold) Főtanúsítvány
22174398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
22184398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xf1fbd6404bd4a500 C=BE, O=Certipost s.a./n.v., CN=Certipost E-Trust TOP Root CA
22194398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
22204398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x407c0c3d7576bf00 C=SI, O=ACNLB
22214398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x9de5960126a3bc00 C=SI, O=Halcom, CN=Halcom CA FO
22224398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
22234398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
22244398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xf03913fae404bc00 C=KR, O=KISA, OU=Korea Certification Authority Central, CN=KISA RootCA 1
22254398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xd43dd8b22552c700 C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado, Email=info@netlock.hu
22264398.3f34: supR3HardenedWinIsDesiredRootCA: Adding 0xdf603f23927b9600 C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA2
22274398.3f34: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=280
22284398.3f34: SUPR3HardenedMain: Load Runtime...
22294398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
22304398.3f34: Error (rc=0):
22314398.3f34: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=64 \Device\HarddiskVolume3\Windows\System32\certsentry.dll
22324398.3f34: Error (rc=0):
22334398.3f34: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\certsentry.dll': rcNt=0xc0000190
22344398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\certsentry.dll'
22354398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
22364398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22374398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22384398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
22394398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
22404398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
22414398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
22424398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22434398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22444398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
22454398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22464398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22474398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000044c pwszName=\Device\HarddiskVolume3\Windows\System32\ws2_32.dll
22484398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
22494398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
22504398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
22514398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
22524398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
22534398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\ws2_32.dll'
22544398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22554398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22564398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
22574398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
22584398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
22594398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
22604398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22614398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22624398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
22634398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
22644398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22654398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
22664398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
22674398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22684398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22694398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
22704398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
22714398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
22724398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
22734398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22744398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22754398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
22764398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
22774398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
22784398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000430 pwszName=\Device\HarddiskVolume3\Windows\System32\nsi.dll
22794398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
22804398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
22814398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
22824398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
22834398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
22844398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\nsi.dll'
22854398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22864398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) WinVerifyTrust
22874398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
22884398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22894398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22904398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
22914398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22924398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22934398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
22944398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=E:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ebdd1:<flags> [calling]
22954398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
22964398.3f34: supR3HardenedDllNotificationCallback: load 000007feaeb10000 LB 0x0055a000 E:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
22974398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
22984398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
22994398.3f34: supR3HardenedDllNotificationCallback: load 0000000053540000 LB 0x000d2000 E:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
23004398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
23014398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
23024398.3f34: supR3HardenedDllNotificationCallback: load 00000000534a0000 LB 0x00098000 E:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
23034398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
23044398.3f34: supR3HardenedDllNotificationCallback: load 000007fefede0000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
23054398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
23064398.3f34: supR3HardenedDllNotificationCallback: load 000007fefedd0000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
23074398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
23084398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
23094398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=E:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e9511:<flags> [calling]
23104398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23114398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
23124398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=E:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e9511:<flags> [calling]
23134398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23144398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
23154398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=E:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e9511:<flags> [calling]
23164398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23174398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
23184398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=E:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e9511:<flags> [calling]
23194398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23204398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
23214398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=E:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e9511:<flags> [calling]
23224398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23234398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
23244398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=E:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e9511:<flags> [calling]
23254398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23264398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23274398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23284398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23294398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23304398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23314398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23324398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23334398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
23344398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=E:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e9511:<flags> [calling]
23354398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23364398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23374398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23384398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23394398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23404398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23414398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23424398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23434398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23444398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23454398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23464398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23474398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23484398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23494398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23504398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23514398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
23524398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=E:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e9511:<flags> [calling]
23534398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23544398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23554398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23564398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feaeb10000 'E:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
23574398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
23584398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ed931:<flags> [calling]
23594398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd500000 'C:\Windows\system32\Wintrust.dll'
23604398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
23614398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
23624398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
23634398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
23644398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
23654398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec491:<flags> [calling]
23664398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd560000 'C:\Windows\system32\crypt32.dll'
23674398.3f34: SUPR3HardenedMain: Load TrustedMain...
23684398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
23694398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
23704398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
23714398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23724398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
23734398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
23744398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
23754398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
23764398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtopenglvbox4.dll'.
23774398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
23784398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
23794398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
23804398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shell32.dll'.
23814398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'.
23824398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'.
23834398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'comdlg32.dll'.
23844398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
23854398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
23864398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
23874398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
23884398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
23894398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume3\Windows\System32\winmm.dll
23904398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
23914398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
23924398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
23934398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
23944398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
23954398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\winmm.dll'
23964398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23974398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
23984398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
23994398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
24004398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
24014398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
24024398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
24034398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000480 pwszName=\Device\HarddiskVolume3\Windows\System32\comdlg32.dll
24044398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
24054398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
24064398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
24074398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
24084398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
24094398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'
24104398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24114398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24124398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
24134398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
24144398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
24154398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
24164398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
24174398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll) WinVerifyTrust
24184398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
24194398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24204398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24214398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume3\Windows\System32\oleaut32.dll
24224398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
24234398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
24244398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A837B0D823EB506C6A4C447C1962174D27ED954
24254398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
24264398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
24274398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\oleaut32.dll'
24284398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24294398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
24304398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
24314398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
24324398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
24334398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
24344398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
24354398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
24364398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24374398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24384398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume3\Windows\System32\ole32.dll
24394398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
24404398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
24414398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DE77ABAC364F51C94584A3AF7DD90656C74CFAB9
24424398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
24434398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
24444398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3126593~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\ole32.dll'
24454398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24464398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24474398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
24484398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
24494398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
24504398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
24514398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
24524398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
24534398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
24544398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume3\Windows\System32\shell32.dll
24554398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
24564398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
24574398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=099C901656A370A7121E2F44A89052BDA6B504DB
24584398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
24594398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
24604398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_41_for_KB3123862~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\shell32.dll'
24614398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24624398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24634398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
24644398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
24654398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
24664398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) WinVerifyTrust
24674398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
24684398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24694398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24704398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
24714398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24724398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24734398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
24744398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24754398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24764398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
24774398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
24784398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
24794398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
24804398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
24814398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
24824398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
24834398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
24844398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
24854398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
24864398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
24874398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
24884398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
24894398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
24904398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
24914398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
24924398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
24934398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
24944398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
24954398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
24964398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
24974398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
24984398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
24994398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
25004398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
25014398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
25024398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
25034398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
25044398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
25054398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
25064398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
25074398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
25084398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
25094398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
25104398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
25114398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
25124398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
25134398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
25144398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
25154398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
25164398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
25174398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) WinVerifyTrust
25184398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
25194398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25204398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25214398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
25224398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
25234398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
25244398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
25254398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25264398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25274398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
25284398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
25294398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
25304398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
25314398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
25324398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
25334398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
25344398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
25354398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
25364398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25374398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25384398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
25394398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
25404398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
25414398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
25424398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
25434398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll) WinVerifyTrust
25444398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
25454398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25464398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25474398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
25484398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume3\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
25494398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume3\Windows\System32\ddraw.dll
25504398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
25514398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
25524398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
25534398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
25544398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
25554398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\ddraw.dll'
25564398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25574398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25584398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
25594398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
25604398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
25614398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
25624398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
25634398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ddraw.dll) WinVerifyTrust
25644398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ddraw.dll
25654398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
25664398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
25674398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004dc pwszName=\Device\HarddiskVolume3\Windows\System32\glu32.dll
25684398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
25694398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
25704398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
25714398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
25724398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
25734398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\glu32.dll'
25744398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25754398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25764398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
25774398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
25784398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\glu32.dll) WinVerifyTrust
25794398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
25804398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
25814398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
25824398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25834398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25844398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
25854398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25864398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25874398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25884398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25894398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
25904398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
25914398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
25924398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
25934398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25944398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25954398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
25964398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25974398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25984398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
25994398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26004398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26014398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
26024398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26034398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26044398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26054398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26064398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
26074398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
26084398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
26094398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
26104398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
26114398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
26124398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
26134398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
26144398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
26154398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
26164398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26174398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26184398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26194398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26204398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26214398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26224398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
26234398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
26244398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
26254398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ec pwszName=\Device\HarddiskVolume3\Windows\System32\winspool.drv
26264398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
26274398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
26284398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
26294398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
26304398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
26314398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\winspool.drv'
26324398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26334398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26344398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
26354398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
26364398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winspool.drv) WinVerifyTrust
26374398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winspool.drv
26384398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
26394398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
26404398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
26414398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
26424398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
26434398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
26444398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26454398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26464398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
26474398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
26484398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
26494398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
26504398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26514398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26524398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26534398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26544398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
26554398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
26564398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
26574398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
26584398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
26594398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
26604398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
26614398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26624398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26634398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26644398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26654398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
26664398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
26674398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
26684398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26694398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26704398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26714398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26724398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
26734398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
26744398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
26754398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26764398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26774398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26784398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26794398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26804398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26814398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26824398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26834398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26844398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26854398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26864398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26874398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26884398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26894398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
26904398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26914398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26924398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26934398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26944398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26954398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26964398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
26974398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
26984398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
26994398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
27004398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
27014398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
27024398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004fc pwszName=\Device\HarddiskVolume3\Windows\System32\comctl32.dll
27034398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
27044398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
27054398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
27064398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
27074398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
27084398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\comctl32.dll'
27094398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27104398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
27114398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
27124398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
27134398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll) WinVerifyTrust
27144398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll
27154398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27164398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27174398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27184398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27194398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
27204398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
27214398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
27224398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27234398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27244398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27254398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27264398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27274398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27284398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27294398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27304398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27314398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27324398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
27334398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27344398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27354398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27364398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27374398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27384398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27394398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27404398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27414398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27424398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27434398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
27444398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
27454398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
27464398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27474398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27484398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
27494398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
27504398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume3\Windows\System32\dwmapi.dll
27514398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
27524398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
27534398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
27544398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
27554398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
27564398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
27574398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27584398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27594398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
27604398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
27614398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll) WinVerifyTrust
27624398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
27634398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
27644398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
27654398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d8 pwszName=\Device\HarddiskVolume3\Windows\System32\setupapi.dll
27664398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
27674398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
27684398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
27694398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
27704398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
27714398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\setupapi.dll'
27724398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27734398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
27744398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
27754398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
27764398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
27774398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
27784398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
27794398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
27804398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
27814398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
27824398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27834398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27844398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
27854398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
27864398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume3\Windows\System32\dciman32.dll
27874398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
27884398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
27894398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=779E327CA47BE9830D08A18EEDE8A70C3A978A3B
27904398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
27914398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
27924398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume3\Windows\System32\dciman32.dll'
27934398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27944398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27954398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
27964398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
27974398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dciman32.dll) WinVerifyTrust
27984398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dciman32.dll
27994398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28004398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28014398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28024398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28034398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28044398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28054398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
28064398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
28074398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28084398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28094398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
28104398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
28114398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000514 pwszName=\Device\HarddiskVolume3\Windows\System32\devobj.dll
28124398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
28134398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
28144398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
28154398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
28164398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
28174398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\devobj.dll'
28184398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28194398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28204398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
28214398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
28224398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
28234398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28244398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28254398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
28264398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28274398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28284398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28294398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28304398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
28314398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
28324398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28334398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28344398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
28354398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
28364398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000508 pwszName=\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
28374398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
28384398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
28394398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
28404398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
28414398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
28424398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
28434398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28444398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28454398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
28464398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
28474398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll) WinVerifyTrust
28484398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
28494398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28504398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28514398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
28524398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
28534398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28544398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28554398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28564398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28574398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28584398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28594398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28604398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28614398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
28624398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
28634398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
28644398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28654398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28664398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=E:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ebde1:<flags> [calling]
28674398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
28684398.3f34: supR3HardenedDllNotificationCallback: load 000007feae050000 LB 0x00abf000 E:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
28694398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
28704398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
28714398.3f34: supR3HardenedDllNotificationCallback: load 000007fec99f0000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
28724398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
28734398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\glu32.dll
28744398.3f34: supR3HardenedDllNotificationCallback: load 000007fecb510000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
28754398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\glu32.dll
28764398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll
28774398.3f34: supR3HardenedDllNotificationCallback: load 000007fed5dc0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
28784398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll
28794398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll
28804398.3f34: supR3HardenedDllNotificationCallback: load 000007fee0a00000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
28814398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll
28824398.3f34: supR3HardenedDllNotificationCallback: load 000007feff750000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
28834398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
28844398.3f34: supR3HardenedDllNotificationCallback: load 000007fefd4c0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
28854398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
28864398.3f34: supR3HardenedDllNotificationCallback: load 000007fefdd90000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
28874398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
28884398.3f34: supR3HardenedDllNotificationCallback: load 000007fefd780000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
28894398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
28904398.3f34: supR3HardenedDllNotificationCallback: load 000007fefd400000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
28914398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
28924398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
28934398.3f34: supR3HardenedDllNotificationCallback: load 000007fefa010000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
28944398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
28954398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
28964398.3f34: supR3HardenedDllNotificationCallback: load 0000000066a20000 LB 0x002de000 E:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
28974398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
28984398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
28994398.3f34: supR3HardenedDllNotificationCallback: load 00000000643d0000 LB 0x0096c000 E:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
29004398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
29014398.3f34: supR3HardenedDllNotificationCallback: load 000007fefd990000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
29024398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
29034398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
29044398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
29054398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
29064398.3f34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
29074398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
29084398.3f34: supR3HardenedDllNotificationCallback: load 000007fee73a0000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
29094398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
29104398.3f34: supR3HardenedDllNotificationCallback: load 000007fefdef0000 LB 0x00d8a000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
29114398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
29124398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
29134398.3f34: supR3HardenedDllNotificationCallback: load 000007fefc2d0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
29144398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
29154398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winspool.drv
29164398.3f34: supR3HardenedDllNotificationCallback: load 000007fef9d80000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
29174398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winspool.drv
29184398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
29194398.3f34: supR3HardenedDllNotificationCallback: load 0000000062f00000 LB 0x000dc000 E:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
29204398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
29214398.3f34: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
29224398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
29234398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
29244398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29254398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29264398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
29274398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
29284398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29294398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29304398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eb3b1:<flags> [calling]
29314398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee30000 'C:\Windows\system32\imm32.dll'
29324398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feae050000 'E:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
29334398.3f34: SUPR3HardenedMain: Calling TrustedMain (000007feae0510f0)...
29344398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
29354398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eea71:<flags> [calling]
29364398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc2d0000 'C:\Windows\system32\winmm.dll'
29374398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005b0 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
29384398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
29394398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
29404398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
29414398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
29424398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
29434398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
29444398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29454398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29464398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
29474398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
29484398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
29494398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
29504398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
29514398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
29524398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29534398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29544398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29554398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29564398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ee291:<flags> [calling]
29574398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
29584398.3f34: supR3HardenedDllNotificationCallback: load 000007fefb500000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
29594398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
29604398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb500000 'C:\Windows\system32\uxtheme.dll'
29614398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
29624398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001edcd1:<flags> [calling]
29634398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb500000 'C:\Windows\system32\uxtheme.dll'
29644398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
29654398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eda41:<flags> [calling]
29664398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb500000 'C:\Windows\system32\uxtheme.dll'
29674398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
29684398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eda41:<flags> [calling]
29694398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb500000 'C:\Windows\system32\uxtheme.dll'
29704398.3f34: \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\tv_x64.dll: Owner is administrators group.
29714398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
29724398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
29734398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'.
29744398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comctl32.dll'.
29754398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
29764398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
29774398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
29784398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
29794398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files (x86)\TeamViewer\tv_x64.dll) WinVerifyTrust
29804398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\tv_x64.dll
29814398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29824398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29834398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
29844398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
29854398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
29864398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
29874398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
29884398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
29894398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29904398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29914398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
29924398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
29934398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comctl32.dll
29944398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
29954398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume3\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
29964398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005d4 pwszName=\Device\HarddiskVolume3\Windows\System32\version.dll
29974398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
29984398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
29994398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A3AB94A028D0330A3DBCAE54C04C648532198DB9
30004398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
30014398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
30024398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\version.dll'
30034398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30044398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
30054398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\version.dll) WinVerifyTrust
30064398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\version.dll
30074398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30084398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30094398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
30104398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\TeamViewer\tv_x64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ee2a1:<flags> [calling]
30114398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\tv_x64.dll
30124398.3f34: supR3HardenedDllNotificationCallback: load 000007fee1b20000 LB 0x00049000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [fFlags=0x0]
30134398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\tv_x64.dll
30144398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll
30154398.3f34: supR3HardenedDllNotificationCallback: load 000007fefd0e0000 LB 0x0000c000 C:\Windows\system32\VERSION.dll [fFlags=0x0]
30164398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll
30174398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1b20000 'C:\Program Files (x86)\TeamViewer\tv_x64.dll'
30184398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeee0000 'C:\Windows\system32\advapi32.dll'
30194398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
30204398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001edf01:<flags> [calling]
30214398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa010000 'C:\Windows\system32\dwmapi.dll'
30224398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
30234398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ee721:<flags> [calling]
30244398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1f0000 'C:\Windows\system32\CRYPTBASE.dll'
30254398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
30264398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ee8d1:<flags> [calling]
30274398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdef0000 'C:\Windows\system32\shell32.dll'
30284398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
30294398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ee821:<flags> [calling]
30304398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077420000 'C:\Windows\system32\kernel32.dll'
30314398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
30324398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ee8a1:<flags> [calling]
30334398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb500000 'C:\Windows\system32\uxtheme.dll'
30344398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
30354398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ee911:<flags> [calling]
30364398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb500000 'C:\Windows\system32\uxtheme.dll'
30374398.3f34: \Device\HarddiskVolume3\Windows\System32\Wintab32.dll: Owner is administrators group.
30384398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
30394398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
30404398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'wtsapi32.dll'.
30414398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
30424398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
30434398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
30444398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
30454398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
30464398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\Wintab32.dll) WinVerifyTrust
30474398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Wintab32.dll
30484398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
30494398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
30504398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
30514398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
30524398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
30534398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
30544398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
30554398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
30564398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
30574398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
30584398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
30594398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30604398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30614398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
30624398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
30634398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000061c pwszName=\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
30644398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
30654398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
30664398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E653B4F2F82EC27E9205DC90EBEB7A5AAB37A8B0
30674398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
30684398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
30694398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll'
30704398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30714398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30724398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll) WinVerifyTrust
30734398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
30744398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30754398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30764398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eea31:<flags> [calling]
30774398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Wintab32.dll
30784398.3f34: supR3HardenedDllNotificationCallback: load 000007fec53a0000 LB 0x001e7000 C:\Windows\system32\wintab32.dll [fFlags=0x0]
30794398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Wintab32.dll
30804398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
30814398.3f34: supR3HardenedDllNotificationCallback: load 000007fefc500000 LB 0x00011000 C:\Windows\system32\WTSAPI32.dll [fFlags=0x0]
30824398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
30834398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fec53a0000 'C:\Windows\system32\wintab32.dll'
30844398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077540000 'C:\Windows\system32\user32.dll'
30854398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
30864398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eea81:<flags> [calling]
30874398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb500000 'C:\Windows\system32\uxtheme.dll'
30884398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077540000 'C:\Windows\system32\user32.dll'
30894398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeee0000 'C:\Windows\system32\advapi32.dll'
30904398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
30914398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ee8e1:<flags> [calling]
30924398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd420000 'C:\Windows\system32\userenv.dll'
30934398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
30944398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ee8e1:<flags> [calling]
30954398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077420000 'C:\Windows\system32\kernel32.dll'
30964398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000654 pwszName=\Device\HarddiskVolume3\Windows\System32\clbcatq.dll
30974398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
30984398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
30994398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
31004398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
31014398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
31024398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
31034398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31044398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31054398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
31064398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
31074398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
31084398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
31094398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
31104398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll) WinVerifyTrust
31114398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
31124398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31134398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31144398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
31154398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
31164398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
31174398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31184398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31194398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
31204398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31214398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31224398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
31234398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
31244398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
31254398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
31264398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31274398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31284398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eb8c1:<flags> [calling]
31294398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
31304398.3f34: supR3HardenedDllNotificationCallback: load 000007feff6b0000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
31314398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
31324398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff6b0000 'C:\Windows\system32\CLBCatQ.DLL'
31334398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeee0000 'C:\Windows\system32\ADVAPI32.dll'
31344398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
31354398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ea6b1:<flags> [calling]
31364398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb30000 'C:\Windows\system32\CRYPTSP.dll'
31374398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000067c pwszName=\Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll
31384398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
31394398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
31404398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
31414398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
31424398.3f34: Error (rc=0):
31434398.3f34: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=128 \Device\HarddiskVolume3\Windows\System32\certsentry.dll
31444398.3f34: Error (rc=0):
31454398.3f34: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\certsentry.dll': rcNt=0xc0000190
31464398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\certsentry.dll'
31474398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
31484398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll'
31494398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31504398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
31514398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
31524398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll
31534398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31544398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31554398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ea281:<flags> [calling]
31564398.3f34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll
31574398.3f34: supR3HardenedDllNotificationCallback: load 000007fefd300000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
31584398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll
31594398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd300000 'C:\Windows\system32\RpcRtRemote.dll'
31604398.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
31614398.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
31624398.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31634398.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
31644398.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
31654398.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
31664398.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
31674398.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
31684398.9d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
31694398.9d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
31704398.9d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
31714398.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
31724398.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
31734398.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
31744398.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
31754398.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
31764398.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
31774398.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
31784398.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
31794398.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
31804398.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31814398.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31824398.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31834398.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31844398.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
31854398.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
31864398.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
31874398.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31884398.9d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31894398.9d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
31904398.9d8: supR3HardenedMonitor_LdrLoadDll: pName=E:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000622ead1:<flags> [calling]
31914398.9d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
31924398.9d8: supR3HardenedDllNotificationCallback: load 000007feada70000 LB 0x005d8000 E:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
31934398.9d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
31944398.9d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feada70000 'E:\Program Files\Oracle\VirtualBox\VBoxC.dll'
31954398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc10000 'C:\Windows\system32\gdi32.dll'
31964398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
31974398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eb561:<flags> [calling]
31984398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdef0000 'C:\Windows\system32\shell32.dll'
31994398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Wintab32.dll
32004398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eabd1:<flags> [calling]
32014398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fec53a0000 'C:\Windows\system32\wintab32.dll'
32024398.3f34: supR3HardenedMonitor_LdrLoadDll: error opening '.\Wacom_Tablet.dll': 0 (NtPath=\??\C:\Users\andreas\.\Wacom_Tablet.dll; Input=.\Wacom_Tablet.dll; rcNtGetDll=0x0
32034398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=.\Wacom_Tablet.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eab41:<flags> [calling]
32044398.3f34: \Device\HarddiskVolume3\Windows\System32\Wacom_Tablet.dll: Owner is administrators group.
32054398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'wtsapi32.dll'.
32064398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
32074398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
32084398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
32094398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
32104398.3f34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
32114398.3f34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\Wacom_Tablet.dll)
32124398.3f34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Wacom_Tablet.dll
32134398.3f34: supR3HardenedDllNotificationCallback: load 000007fee0da0000 LB 0x00202000 C:\Windows\system32\Wacom_Tablet.dll [fFlags=0x0]
32144398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Wacom_Tablet.dll [avoiding WinVerifyTrust]
32154398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0da0000 '.\Wacom_Tablet.dll'
32164398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
32174398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
32184398.3f34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\Wacom_Tablet.dll'
32194398.3f34: supR3HardenedMonitor_LdrLoadDll: error opening '.\Pen_Tablet.dll': 0 (NtPath=\??\C:\Users\andreas\.\Pen_Tablet.dll; Input=.\Pen_Tablet.dll; rcNtGetDll=0x0
32204398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=.\Pen_Tablet.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eab41:<flags> [calling]
32214398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 '.\Pen_Tablet.dll'
32224398.3f34: supR3HardenedMonitor_LdrLoadDll: error opening '.\ISD_Tablet.dll': 0 (NtPath=\??\C:\Users\andreas\.\ISD_Tablet.dll; Input=.\ISD_Tablet.dll; rcNtGetDll=0x0
32234398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=.\ISD_Tablet.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eab41:<flags> [calling]
32244398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 '.\ISD_Tablet.dll'
32254398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
32264398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
32274398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
32284398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
32294398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
32304398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
32314398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
32324398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
32334398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
32344398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
32354398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32364398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32374398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
32384398.3f34: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
32394398.3f34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
32404398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eb5a1:<flags> [calling]
32414398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdef0000 'C:\Windows\system32\shell32.dll'
32424398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdef0000 'C:\Windows\system32\shell32.dll'
32434398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdef0000 'C:\Windows\system32\shell32.dll'
32444398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdef0000 'C:\Windows\system32\shell32.dll'
32454398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdef0000 'C:\Windows\system32\shell32.dll'
32464398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077540000 'C:\Windows\system32\user32.dll'
32474398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeee0000 'C:\Windows\system32\ADVAPI32.dll'
32484398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd780000 'C:\Windows\system32\ole32.dll'
32494398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
32504398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ead71:<flags> [calling]
32514398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'C:\Windows\system32\MSCTF.dll'
32524398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
32534398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e79d1:<flags> [calling]
32544398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd90000 'C:\Windows\system32\OLEAUT32.DLL'
32554398.3f34: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [redir]
32564398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [redoing WinVerifyTrust]
32574398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000524 pwszName=\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
32584398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000866ce0
32594398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000866ce0
32604398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
32614398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
32624398.3f34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume3\Windows\System32\certsentry.dll [lacks WinVerifyTrust]
32634398.3f34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
32644398.3f34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32654398.3f34: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
32664398.3f34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001e7f31:<flags> [calling]
32674398.3f34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee73a0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
32684398.3f34: Terminating the normal way: rcExit=1
32693df0.42e8: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 5250 ms, the end);
32703738.3040: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 6639 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy