VirtualBox

Ticket #15294: VBoxHardening.log

File VBoxHardening.log, 324.8 KB (added by ManWithNoName, 8 years ago)

VBoxHardening.log

Line 
11168.358: Log file opened: 5.0.24r108355 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
21168.358: \SystemRoot\System32\ntdll.dll:
31168.358: CreationTime: 2016-05-12T08:49:31.020038900Z
41168.358: LastWriteTime: 2016-04-09T06:59:27.660769000Z
51168.358: ChangeTime: 2016-05-22T14:53:02.144415400Z
61168.358: FileAttributes: 0x20
71168.358: Size: 0x1a7100
81168.358: NT Headers: 0xe0
91168.358: Timestamp: 0x5708a857
101168.358: Machine: 0x8664 - amd64
111168.358: Timestamp: 0x5708a857
121168.358: Image Version: 6.1
131168.358: SizeOfImage: 0x1aa000 (1744896)
141168.358: Resource Dir: 0x14e000 LB 0x5a028
151168.358: ProductName: Microsoft® Windows® Operating System
161168.358: ProductVersion: 6.1.7601.23418
171168.358: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
181168.358: FileDescription: NT Layer DLL
191168.358: \SystemRoot\System32\kernel32.dll:
201168.358: CreationTime: 2016-05-12T08:49:30.552038100Z
211168.358: LastWriteTime: 2016-04-09T06:57:53.879000000Z
221168.358: ChangeTime: 2016-05-22T14:53:02.316015700Z
231168.358: FileAttributes: 0x20
241168.358: Size: 0x11c000
251168.358: NT Headers: 0xe0
261168.358: Timestamp: 0x5708a89b
271168.358: Machine: 0x8664 - amd64
281168.358: Timestamp: 0x5708a89b
291168.358: Image Version: 6.1
301168.358: SizeOfImage: 0x11f000 (1175552)
311168.358: Resource Dir: 0x116000 LB 0x528
321168.358: ProductName: Microsoft® Windows® Operating System
331168.358: ProductVersion: 6.1.7601.23418
341168.358: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
351168.358: FileDescription: Windows NT BASE API Client DLL
361168.358: \SystemRoot\System32\KernelBase.dll:
371168.358: CreationTime: 2016-05-12T08:49:30.583238100Z
381168.358: LastWriteTime: 2016-04-09T06:57:53.879000000Z
391168.358: ChangeTime: 2016-05-22T14:53:02.316015700Z
401168.358: FileAttributes: 0x20
411168.358: Size: 0x66800
421168.358: NT Headers: 0xe8
431168.358: Timestamp: 0x5708a89c
441168.358: Machine: 0x8664 - amd64
451168.358: Timestamp: 0x5708a89c
461168.358: Image Version: 6.1
471168.358: SizeOfImage: 0x6a000 (434176)
481168.358: Resource Dir: 0x68000 LB 0x530
491168.358: ProductName: Microsoft® Windows® Operating System
501168.358: ProductVersion: 6.1.7601.23418
511168.358: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
521168.358: FileDescription: Windows NT BASE API Client DLL
531168.358: \SystemRoot\System32\apisetschema.dll:
541168.358: CreationTime: 2016-05-12T08:49:30.021637100Z
551168.358: LastWriteTime: 2016-04-09T06:57:48.684000000Z
561168.358: ChangeTime: 2016-05-22T14:53:02.128815300Z
571168.358: FileAttributes: 0x20
581168.358: Size: 0x1a00
591168.358: NT Headers: 0xc0
601168.358: Timestamp: 0x5708a835
611168.358: Machine: 0x8664 - amd64
621168.358: Timestamp: 0x5708a835
631168.358: Image Version: 6.1
641168.358: SizeOfImage: 0x50000 (327680)
651168.358: Resource Dir: 0x30000 LB 0x3f8
661168.358: ProductName: Microsoft® Windows® Operating System
671168.358: ProductVersion: 6.1.7601.23418
681168.358: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
691168.358: FileDescription: ApiSet Schema DLL
701168.358: NtOpenDirectoryObject failed on \Driver: 0xc0000022
711168.358: supR3HardenedWinFindAdversaries: 0x40
721168.358: \SystemRoot\System32\drivers\kl1.sys:
731168.358: CreationTime: 2015-06-29T14:37:48.000000000Z
741168.358: LastWriteTime: 2016-03-23T09:51:14.143447700Z
751168.358: ChangeTime: 2016-03-23T09:51:18.002668500Z
761168.358: FileAttributes: 0x20
771168.358: Size: 0x74cb8
781168.358: NT Headers: 0xe8
791168.358: Timestamp: 0x558314c5
801168.358: Machine: 0x8664 - amd64
811168.358: Timestamp: 0x558314c5
821168.358: Image Version: 0.0
831168.358: SizeOfImage: 0x762000 (7741440)
841168.358: Resource Dir: 0x760000 LB 0x448
851168.358: ProductName: Kaspersky Anti-Virus
861168.358: ProductVersion: 6.0.1.990
871168.358: FileVersion: 6.8.0.54
881168.358: FileDescription: Kaspersky Unified Driver
891168.358: \SystemRoot\System32\drivers\klflt.sys:
901168.358: CreationTime: 2016-03-23T09:41:26.884683500Z
911168.358: LastWriteTime: 2015-06-29T14:37:48.000000000Z
921168.358: ChangeTime: 2016-03-23T09:41:30.082689100Z
931168.358: FileAttributes: 0x20
941168.358: Size: 0x270d8
951168.358: NT Headers: 0xf8
961168.358: Timestamp: 0x55167906
971168.358: Machine: 0x8664 - amd64
981168.358: Timestamp: 0x55167906
991168.358: Image Version: 6.0
1001168.358: SizeOfImage: 0x35000 (217088)
1011168.358: Resource Dir: 0x33000 LB 0x370
1021168.358: ProductName: Kaspersky™ Anti-Virus ®
1031168.358: ProductVersion: 1.7.0.20
1041168.358: FileVersion: 1.7.0.20
1051168.358: FileDescription: Filter Core [fre_wlh_x64]
1061168.358: \SystemRoot\System32\drivers\klif.sys:
1071168.358: CreationTime: 2016-03-23T09:41:26.869083400Z
1081168.358: LastWriteTime: 2016-06-03T05:46:22.272960700Z
1091168.358: ChangeTime: 2016-06-03T05:46:32.303778200Z
1101168.358: FileAttributes: 0x20
1111168.358: Size: 0xcdfb0
1121168.358: NT Headers: 0x108
1131168.358: Timestamp: 0x570cdf7e
1141168.358: Machine: 0x8664 - amd64
1151168.358: Timestamp: 0x570cdf7e
1161168.358: Image Version: 6.0
1171168.358: SizeOfImage: 0xd3000 (864256)
1181168.358: Resource Dir: 0xd0000 LB 0x1538
1191168.358: ProductName: Kaspersky™ Anti-Virus ®
1201168.358: ProductVersion: 8.17.0.340
1211168.358: FileVersion: 8.17.0.340
1221168.358: FileDescription: Klif Mini-Filter [fre_wlh_x64]
1231168.358: \SystemRoot\System32\drivers\klim6.sys:
1241168.358: CreationTime: 2015-06-29T14:37:50.000000000Z
1251168.358: LastWriteTime: 2016-06-03T05:46:22.491361100Z
1261168.358: ChangeTime: 2016-06-03T05:46:32.428578400Z
1271168.358: FileAttributes: 0x20
1281168.358: Size: 0xc058
1291168.358: NT Headers: 0x100
1301168.358: Timestamp: 0x56d04684
1311168.358: Machine: 0x8664 - amd64
1321168.358: Timestamp: 0x56d04684
1331168.358: Image Version: 6.0
1341168.358: SizeOfImage: 0xa000 (40960)
1351168.358: Resource Dir: 0x8000 LB 0x488
1361168.358: ProductName: Kaspersky Anti-Virus
1371168.358: ProductVersion: 6.0.1.990
1381168.358: FileVersion: 8.0.0.105
1391168.358: FileDescription: Kaspersky Lab Intermediate Network Driver [fre_wlh_x64]
1401168.358: \SystemRoot\System32\drivers\klkbdflt.sys:
1411168.358: CreationTime: 2015-06-29T14:37:50.000000000Z
1421168.358: LastWriteTime: 2016-03-24T15:15:42.647173900Z
1431168.358: ChangeTime: 2016-06-03T05:46:38.138188400Z
1441168.358: FileAttributes: 0x20
1451168.358: Size: 0xbf70
1461168.358: NT Headers: 0x100
1471168.358: Timestamp: 0x553fe1b2
1481168.358: Machine: 0x8664 - amd64
1491168.358: Timestamp: 0x553fe1b2
1501168.358: Image Version: 6.0
1511168.358: SizeOfImage: 0xc000 (49152)
1521168.358: Resource Dir: 0xa000 LB 0x3a8
1531168.358: ProductName: Kaspersky™ Anti-Virus ®
1541168.358: ProductVersion: 8.15.0.49
1551168.358: FileVersion: 8.15.0.49
1561168.358: FileDescription: KLKBDFLT Keyboard Device Filter [fre_wlh_x64]
1571168.358: \SystemRoot\System32\drivers\klmouflt.sys:
1581168.358: CreationTime: 2015-06-29T14:37:50.000000000Z
1591168.358: LastWriteTime: 2016-03-24T15:15:42.787574100Z
1601168.358: ChangeTime: 2016-06-03T05:46:38.106988300Z
1611168.358: FileAttributes: 0x20
1621168.358: Size: 0xbb78
1631168.358: NT Headers: 0xf8
1641168.358: Timestamp: 0x553fe0ef
1651168.358: Machine: 0x8664 - amd64
1661168.358: Timestamp: 0x553fe0ef
1671168.358: Image Version: 6.0
1681168.358: SizeOfImage: 0xc000 (49152)
1691168.358: Resource Dir: 0xa000 LB 0x3a8
1701168.358: ProductName: Kaspersky™ Anti-Virus ®
1711168.358: ProductVersion: 8.11.0.15
1721168.358: FileVersion: 8.11.0.15
1731168.358: FileDescription: KLMOUFLT Mouse Device Filter [fre_wlh_x64]
1741168.358: \SystemRoot\System32\drivers\kltdi.sys:
1751168.358: CreationTime: 2015-06-29T14:37:50.000000000Z
1761168.358: LastWriteTime: 2015-06-29T14:37:50.000000000Z
1771168.358: ChangeTime: 2016-06-03T05:46:38.028988200Z
1781168.358: FileAttributes: 0x20
1791168.358: Size: 0xfeb8
1801168.358: NT Headers: 0x100
1811168.358: Timestamp: 0x55782d65
1821168.358: Machine: 0x8664 - amd64
1831168.358: Timestamp: 0x55782d65
1841168.358: Image Version: 6.1
1851168.358: SizeOfImage: 0x10000 (65536)
1861168.358: Resource Dir: 0xe000 LB 0x3b8
1871168.358: ProductName: Kaspersky™ Anti-Virus ®
1881168.358: ProductVersion: 1.7.0.15
1891168.358: FileVersion: 1.7.0.15 built by: WinDDK
1901168.358: FileDescription: Network filtering component [fre_wnet_amd64]
1911168.358: \SystemRoot\System32\drivers\kneps.sys:
1921168.358: CreationTime: 2015-06-29T14:37:50.000000000Z
1931168.358: LastWriteTime: 2016-03-23T09:51:14.675478200Z
1941168.358: ChangeTime: 2016-03-23T09:51:18.028670000Z
1951168.358: FileAttributes: 0x20
1961168.358: Size: 0x2e8b8
1971168.358: NT Headers: 0x120
1981168.358: Timestamp: 0x55840fa4
1991168.358: Machine: 0x8664 - amd64
2001168.358: Timestamp: 0x55840fa4
2011168.358: Image Version: 6.1
2021168.358: SizeOfImage: 0x2e000 (188416)
2031168.358: Resource Dir: 0x2c000 LB 0x398
2041168.358: ProductName: Kaspersky™ Anti-Virus ®
2051168.358: ProductVersion: 5.7.0.45
2061168.358: FileVersion: 5.7.0.45 built by: WinDDK
2071168.358: FileDescription: KNEPS Power [fre_wnet_amd64]
2081168.358: \SystemRoot\System32\klfphc.dll:
2091168.358: CreationTime: 2016-03-23T09:41:35.636298700Z
2101168.358: LastWriteTime: 2013-05-06T07:13:26.000000000Z
2111168.358: ChangeTime: 2016-03-23T09:41:33.155894400Z
2121168.358: FileAttributes: 0x20
2131168.358: Size: 0x1ae60
2141168.358: NT Headers: 0xe8
2151168.358: Timestamp: 0x51873bf2
2161168.358: Machine: 0x8664 - amd64
2171168.358: Timestamp: 0x51873bf2
2181168.358: Image Version: 0.0
2191168.358: SizeOfImage: 0x1d000 (118784)
2201168.358: Resource Dir: 0x18000 LB 0x3c80
2211168.358: ProductName: Kaspersky™ Anti-Virus ®
2221168.358: ProductVersion: 1.0.0.12
2231168.358: FileVersion: 1.0.0.12
2241168.358: FileDescription: Filtering Platform Helper Class
2251168.358: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
2261168.358: Calling main()
2271168.358: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2281168.358: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
2291168.358: SUPR3HardenedMain: Respawn #1
2301168.358: System32: \Device\HarddiskVolume5\Windows\System32
2311168.358: WinSxS: \Device\HarddiskVolume5\Windows\winsxs
2321168.358: KnownDllPath: C:\Windows\system32
2331168.358: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2341168.358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2351168.358: supR3HardNtEnableThreadCreation:
2361168.358: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076cfa0e0 pvNtTerminateThread=0000000076d1c060
2371168.358: supR3HardenedWinDoReSpawn(1): New child 1324.18d8 [kernel32].
2381168.358: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdb000 cbPeb=0x380
2391168.358: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076cd0000 uNtDllChildAddr=0000000076cd0000
2401168.358: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076cfa0e0
2411168.358: supR3HardenedWinSetupChildInit: Start child.
2421168.358: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
2431168.358: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 64 sleeps
2441168.358: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2451168.358: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
2461168.358: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
2471168.358: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
2481168.358: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
2491168.358: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
2501168.358: 0000000000041000-ffffffffffff1fff 0x0001/0x0000 0x0000000
2511168.358: *0000000000090000-fffffffffff93fff 0x0000/0x0004 0x0020000
2521168.358: 000000000018c000-0000000000189fff 0x0104/0x0004 0x0020000
2531168.358: 000000000018e000-000000000018bfff 0x0004/0x0004 0x0020000
2541168.358: 0000000000190000-ffffffff8964ffff 0x0001/0x0000 0x0000000
2551168.358: *0000000076cd0000-0000000076cd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2561168.358: 0000000076cd1000-0000000076dcdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2571168.358: 0000000076dce000-0000000076dfcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2581168.358: 0000000076dfd000-0000000076e06fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2591168.358: 0000000076e07000-0000000076e07fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2601168.358: 0000000076e08000-0000000076e0afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2611168.358: 0000000076e0b000-0000000076e79fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
2621168.358: 0000000076e7a000-000000006ed13fff 0x0001/0x0000 0x0000000
2631168.358: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
2641168.358: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
2651168.358: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
2661168.358: 000000007fff0000-ffffffffc0d3ffff 0x0001/0x0000 0x0000000
2671168.358: *000000013f2a0000-000000013f2a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2681168.358: 000000013f2a1000-000000013f310fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2691168.358: 000000013f311000-000000013f311fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2701168.358: 000000013f312000-000000013f356fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2711168.358: 000000013f357000-000000013f357fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2721168.358: 000000013f358000-000000013f358fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2731168.358: 000000013f359000-000000013f35dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2741168.358: 000000013f35e000-000000013f35efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2751168.358: 000000013f35f000-000000013f35ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2761168.358: 000000013f360000-000000013f363fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2771168.358: 000000013f364000-000000013f3abfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2781168.358: 000000013f3ac000-fffff8037f767fff 0x0001/0x0000 0x0000000
2791168.358: *000007fefeff0000-000007fefeff0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\apisetschema.dll
2801168.358: 000007fefeff1000-000007fdfe031fff 0x0001/0x0000 0x0000000
2811168.358: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
2821168.358: 000007fffffd3000-000007fffffcafff 0x0001/0x0000 0x0000000
2831168.358: *000007fffffdb000-000007fffffd9fff 0x0004/0x0004 0x0020000
2841168.358: 000007fffffdc000-000007fffffd9fff 0x0001/0x0000 0x0000000
2851168.358: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
2861168.358: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
2871168.358: apisetschema.dll: timestamp 0x5708a835 (rc=VINF_SUCCESS)
2881168.358: VirtualBox.exe: timestamp 0x5772960f (rc=VINF_SUCCESS)
2891168.358: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2901168.358: '\Device\HarddiskVolume5\Windows\System32\apisetschema.dll' has no imports
2911168.358: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
2921168.358: supR3HardNtChildPurify: Done after 541 ms and 0 fixes (loop #0).
2931324.18d8: Log file opened: 5.0.24r108355 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
2941324.18d8: supR3HardenedVmProcessInit: uNtDllAddr=0000000076cd0000 g_uNtVerCombined=0x611db100
2951324.18d8: ntdll.dll: timestamp 0x5708a857 (rc=VINF_SUCCESS)
2961324.18d8: New simple heap: #1 0000000000290000 LB 0x400000 (for 1744896 allocation)
2971168.358: supR3HardNtEnableThreadCreation:
2981324.18d8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
2991324.18d8: System32: \Device\HarddiskVolume5\Windows\System32
3001324.18d8: WinSxS: \Device\HarddiskVolume5\Windows\winsxs
3011324.18d8: KnownDllPath: C:\Windows\system32
3021324.18d8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
3031324.18d8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3041324.18d8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3051324.18d8: Registered Dll notification callback with NTDLL.
3061324.18d8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
3071324.18d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll
3081324.18d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3091324.18d8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3101324.18d8: supR3HardenedDllNotificationCallback: load 0000000076bb0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
3111324.18d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3121324.18d8: supR3HardenedDllNotificationCallback: load 000007fefcc30000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
3131324.18d8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
3141324.18d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
3151324.18d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076bb0000 'C:\Windows\system32\kernel32.dll'
3161324.18d8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076cfa0e0 pvNtTerminateThread=0000000076d1c060
3171168.358: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 26 ms.
3181324.18d8: \SystemRoot\System32\ntdll.dll:
3191324.18d8: CreationTime: 2016-05-12T08:49:31.020038900Z
3201324.18d8: LastWriteTime: 2016-04-09T06:59:27.660769000Z
3211324.18d8: ChangeTime: 2016-05-22T14:53:02.144415400Z
3221324.18d8: FileAttributes: 0x20
3231324.18d8: Size: 0x1a7100
3241324.18d8: NT Headers: 0xe0
3251324.18d8: Timestamp: 0x5708a857
3261324.18d8: Machine: 0x8664 - amd64
3271324.18d8: Timestamp: 0x5708a857
3281324.18d8: Image Version: 6.1
3291324.18d8: SizeOfImage: 0x1aa000 (1744896)
3301324.18d8: Resource Dir: 0x14e000 LB 0x5a028
3311324.18d8: ProductName: Microsoft® Windows® Operating System
3321324.18d8: ProductVersion: 6.1.7601.23418
3331324.18d8: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
3341324.18d8: FileDescription: NT Layer DLL
3351324.18d8: \SystemRoot\System32\kernel32.dll:
3361324.18d8: CreationTime: 2016-05-12T08:49:30.552038100Z
3371324.18d8: LastWriteTime: 2016-04-09T06:57:53.879000000Z
3381324.18d8: ChangeTime: 2016-05-22T14:53:02.316015700Z
3391324.18d8: FileAttributes: 0x20
3401324.18d8: Size: 0x11c000
3411324.18d8: NT Headers: 0xe0
3421324.18d8: Timestamp: 0x5708a89b
3431324.18d8: Machine: 0x8664 - amd64
3441324.18d8: Timestamp: 0x5708a89b
3451324.18d8: Image Version: 6.1
3461324.18d8: SizeOfImage: 0x11f000 (1175552)
3471324.18d8: Resource Dir: 0x116000 LB 0x528
3481324.18d8: ProductName: Microsoft® Windows® Operating System
3491324.18d8: ProductVersion: 6.1.7601.23418
3501324.18d8: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
3511324.18d8: FileDescription: Windows NT BASE API Client DLL
3521324.18d8: \SystemRoot\System32\KernelBase.dll:
3531324.18d8: CreationTime: 2016-05-12T08:49:30.583238100Z
3541324.18d8: LastWriteTime: 2016-04-09T06:57:53.879000000Z
3551324.18d8: ChangeTime: 2016-05-22T14:53:02.316015700Z
3561324.18d8: FileAttributes: 0x20
3571324.18d8: Size: 0x66800
3581324.18d8: NT Headers: 0xe8
3591324.18d8: Timestamp: 0x5708a89c
3601324.18d8: Machine: 0x8664 - amd64
3611324.18d8: Timestamp: 0x5708a89c
3621324.18d8: Image Version: 6.1
3631324.18d8: SizeOfImage: 0x6a000 (434176)
3641324.18d8: Resource Dir: 0x68000 LB 0x530
3651324.18d8: ProductName: Microsoft® Windows® Operating System
3661324.18d8: ProductVersion: 6.1.7601.23418
3671324.18d8: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
3681324.18d8: FileDescription: Windows NT BASE API Client DLL
3691324.18d8: \SystemRoot\System32\apisetschema.dll:
3701324.18d8: CreationTime: 2016-05-12T08:49:30.021637100Z
3711324.18d8: LastWriteTime: 2016-04-09T06:57:48.684000000Z
3721324.18d8: ChangeTime: 2016-05-22T14:53:02.128815300Z
3731324.18d8: FileAttributes: 0x20
3741324.18d8: Size: 0x1a00
3751324.18d8: NT Headers: 0xc0
3761324.18d8: Timestamp: 0x5708a835
3771324.18d8: Machine: 0x8664 - amd64
3781324.18d8: Timestamp: 0x5708a835
3791324.18d8: Image Version: 6.1
3801324.18d8: SizeOfImage: 0x50000 (327680)
3811324.18d8: Resource Dir: 0x30000 LB 0x3f8
3821324.18d8: ProductName: Microsoft® Windows® Operating System
3831324.18d8: ProductVersion: 6.1.7601.23418
3841324.18d8: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
3851324.18d8: FileDescription: ApiSet Schema DLL
3861324.18d8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3871324.18d8: supR3HardenedWinFindAdversaries: 0x40
3881324.18d8: \SystemRoot\System32\drivers\kl1.sys:
3891324.18d8: CreationTime: 2015-06-29T14:37:48.000000000Z
3901324.18d8: LastWriteTime: 2016-03-23T09:51:14.143447700Z
3911324.18d8: ChangeTime: 2016-03-23T09:51:18.002668500Z
3921324.18d8: FileAttributes: 0x20
3931324.18d8: Size: 0x74cb8
3941324.18d8: NT Headers: 0xe8
3951324.18d8: Timestamp: 0x558314c5
3961324.18d8: Machine: 0x8664 - amd64
3971324.18d8: Timestamp: 0x558314c5
3981324.18d8: Image Version: 0.0
3991324.18d8: SizeOfImage: 0x762000 (7741440)
4001324.18d8: Resource Dir: 0x760000 LB 0x448
4011324.18d8: ProductName: Kaspersky Anti-Virus
4021324.18d8: ProductVersion: 6.0.1.990
4031324.18d8: FileVersion: 6.8.0.54
4041324.18d8: FileDescription: Kaspersky Unified Driver
4051324.18d8: \SystemRoot\System32\drivers\klflt.sys:
4061324.18d8: CreationTime: 2016-03-23T09:41:26.884683500Z
4071324.18d8: LastWriteTime: 2015-06-29T14:37:48.000000000Z
4081324.18d8: ChangeTime: 2016-03-23T09:41:30.082689100Z
4091324.18d8: FileAttributes: 0x20
4101324.18d8: Size: 0x270d8
4111324.18d8: NT Headers: 0xf8
4121324.18d8: Timestamp: 0x55167906
4131324.18d8: Machine: 0x8664 - amd64
4141324.18d8: Timestamp: 0x55167906
4151324.18d8: Image Version: 6.0
4161324.18d8: SizeOfImage: 0x35000 (217088)
4171324.18d8: Resource Dir: 0x33000 LB 0x370
4181324.18d8: ProductName: Kaspersky™ Anti-Virus ®
4191324.18d8: ProductVersion: 1.7.0.20
4201324.18d8: FileVersion: 1.7.0.20
4211324.18d8: FileDescription: Filter Core [fre_wlh_x64]
4221324.18d8: \SystemRoot\System32\drivers\klif.sys:
4231324.18d8: CreationTime: 2016-03-23T09:41:26.869083400Z
4241324.18d8: LastWriteTime: 2016-06-03T05:46:22.272960700Z
4251324.18d8: ChangeTime: 2016-06-03T05:46:32.303778200Z
4261324.18d8: FileAttributes: 0x20
4271324.18d8: Size: 0xcdfb0
4281324.18d8: NT Headers: 0x108
4291324.18d8: Timestamp: 0x570cdf7e
4301324.18d8: Machine: 0x8664 - amd64
4311324.18d8: Timestamp: 0x570cdf7e
4321324.18d8: Image Version: 6.0
4331324.18d8: SizeOfImage: 0xd3000 (864256)
4341324.18d8: Resource Dir: 0xd0000 LB 0x1538
4351324.18d8: ProductName: Kaspersky™ Anti-Virus ®
4361324.18d8: ProductVersion: 8.17.0.340
4371324.18d8: FileVersion: 8.17.0.340
4381324.18d8: FileDescription: Klif Mini-Filter [fre_wlh_x64]
4391324.18d8: \SystemRoot\System32\drivers\klim6.sys:
4401324.18d8: CreationTime: 2015-06-29T14:37:50.000000000Z
4411324.18d8: LastWriteTime: 2016-06-03T05:46:22.491361100Z
4421324.18d8: ChangeTime: 2016-06-03T05:46:32.428578400Z
4431324.18d8: FileAttributes: 0x20
4441324.18d8: Size: 0xc058
4451324.18d8: NT Headers: 0x100
4461324.18d8: Timestamp: 0x56d04684
4471324.18d8: Machine: 0x8664 - amd64
4481324.18d8: Timestamp: 0x56d04684
4491324.18d8: Image Version: 6.0
4501324.18d8: SizeOfImage: 0xa000 (40960)
4511324.18d8: Resource Dir: 0x8000 LB 0x488
4521324.18d8: ProductName: Kaspersky Anti-Virus
4531324.18d8: ProductVersion: 6.0.1.990
4541324.18d8: FileVersion: 8.0.0.105
4551324.18d8: FileDescription: Kaspersky Lab Intermediate Network Driver [fre_wlh_x64]
4561324.18d8: \SystemRoot\System32\drivers\klkbdflt.sys:
4571324.18d8: CreationTime: 2015-06-29T14:37:50.000000000Z
4581324.18d8: LastWriteTime: 2016-03-24T15:15:42.647173900Z
4591324.18d8: ChangeTime: 2016-06-03T05:46:38.138188400Z
4601324.18d8: FileAttributes: 0x20
4611324.18d8: Size: 0xbf70
4621324.18d8: NT Headers: 0x100
4631324.18d8: Timestamp: 0x553fe1b2
4641324.18d8: Machine: 0x8664 - amd64
4651324.18d8: Timestamp: 0x553fe1b2
4661324.18d8: Image Version: 6.0
4671324.18d8: SizeOfImage: 0xc000 (49152)
4681324.18d8: Resource Dir: 0xa000 LB 0x3a8
4691324.18d8: ProductName: Kaspersky™ Anti-Virus ®
4701324.18d8: ProductVersion: 8.15.0.49
4711324.18d8: FileVersion: 8.15.0.49
4721324.18d8: FileDescription: KLKBDFLT Keyboard Device Filter [fre_wlh_x64]
4731324.18d8: \SystemRoot\System32\drivers\klmouflt.sys:
4741324.18d8: CreationTime: 2015-06-29T14:37:50.000000000Z
4751324.18d8: LastWriteTime: 2016-03-24T15:15:42.787574100Z
4761324.18d8: ChangeTime: 2016-06-03T05:46:38.106988300Z
4771324.18d8: FileAttributes: 0x20
4781324.18d8: Size: 0xbb78
4791324.18d8: NT Headers: 0xf8
4801324.18d8: Timestamp: 0x553fe0ef
4811324.18d8: Machine: 0x8664 - amd64
4821324.18d8: Timestamp: 0x553fe0ef
4831324.18d8: Image Version: 6.0
4841324.18d8: SizeOfImage: 0xc000 (49152)
4851324.18d8: Resource Dir: 0xa000 LB 0x3a8
4861324.18d8: ProductName: Kaspersky™ Anti-Virus ®
4871324.18d8: ProductVersion: 8.11.0.15
4881324.18d8: FileVersion: 8.11.0.15
4891324.18d8: FileDescription: KLMOUFLT Mouse Device Filter [fre_wlh_x64]
4901324.18d8: \SystemRoot\System32\drivers\kltdi.sys:
4911324.18d8: CreationTime: 2015-06-29T14:37:50.000000000Z
4921324.18d8: LastWriteTime: 2015-06-29T14:37:50.000000000Z
4931324.18d8: ChangeTime: 2016-06-03T05:46:38.028988200Z
4941324.18d8: FileAttributes: 0x20
4951324.18d8: Size: 0xfeb8
4961324.18d8: NT Headers: 0x100
4971324.18d8: Timestamp: 0x55782d65
4981324.18d8: Machine: 0x8664 - amd64
4991324.18d8: Timestamp: 0x55782d65
5001324.18d8: Image Version: 6.1
5011324.18d8: SizeOfImage: 0x10000 (65536)
5021324.18d8: Resource Dir: 0xe000 LB 0x3b8
5031324.18d8: ProductName: Kaspersky™ Anti-Virus ®
5041324.18d8: ProductVersion: 1.7.0.15
5051324.18d8: FileVersion: 1.7.0.15 built by: WinDDK
5061324.18d8: FileDescription: Network filtering component [fre_wnet_amd64]
5071324.18d8: \SystemRoot\System32\drivers\kneps.sys:
5081324.18d8: CreationTime: 2015-06-29T14:37:50.000000000Z
5091324.18d8: LastWriteTime: 2016-03-23T09:51:14.675478200Z
5101324.18d8: ChangeTime: 2016-03-23T09:51:18.028670000Z
5111324.18d8: FileAttributes: 0x20
5121324.18d8: Size: 0x2e8b8
5131324.18d8: NT Headers: 0x120
5141324.18d8: Timestamp: 0x55840fa4
5151324.18d8: Machine: 0x8664 - amd64
5161324.18d8: Timestamp: 0x55840fa4
5171324.18d8: Image Version: 6.1
5181324.18d8: SizeOfImage: 0x2e000 (188416)
5191324.18d8: Resource Dir: 0x2c000 LB 0x398
5201324.18d8: ProductName: Kaspersky™ Anti-Virus ®
5211324.18d8: ProductVersion: 5.7.0.45
5221324.18d8: FileVersion: 5.7.0.45 built by: WinDDK
5231324.18d8: FileDescription: KNEPS Power [fre_wnet_amd64]
5241324.18d8: \SystemRoot\System32\klfphc.dll:
5251324.18d8: CreationTime: 2016-03-23T09:41:35.636298700Z
5261324.18d8: LastWriteTime: 2013-05-06T07:13:26.000000000Z
5271324.18d8: ChangeTime: 2016-03-23T09:41:33.155894400Z
5281324.18d8: FileAttributes: 0x20
5291324.18d8: Size: 0x1ae60
5301324.18d8: NT Headers: 0xe8
5311324.18d8: Timestamp: 0x51873bf2
5321324.18d8: Machine: 0x8664 - amd64
5331324.18d8: Timestamp: 0x51873bf2
5341324.18d8: Image Version: 0.0
5351324.18d8: SizeOfImage: 0x1d000 (118784)
5361324.18d8: Resource Dir: 0x18000 LB 0x3c80
5371324.18d8: ProductName: Kaspersky™ Anti-Virus ®
5381324.18d8: ProductVersion: 1.0.0.12
5391324.18d8: FileVersion: 1.0.0.12
5401324.18d8: FileDescription: Filtering Platform Helper Class
5411324.18d8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
5421324.18d8: Calling main()
5431324.18d8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
5441324.18d8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
5451324.18d8: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5461324.18d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
5471324.18d8: SUPR3HardenedMain: Respawn #2
5481324.18d8: supR3HardNtEnableThreadCreation:
5491324.18d8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\apphelp.dll)
5501324.18d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\apphelp.dll
5511324.18d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
5521324.18d8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
5531324.18d8: supR3HardenedDllNotificationCallback: load 000007fefc890000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
5541324.18d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
5551324.18d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\apphelp.dll'
5561324.18d8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076cfa0e0 pvNtTerminateThread=0000000076d1c060
5571324.18d8: supR3HardenedWinDoReSpawn(2): New child 428.1748 [kernel32].
5581324.18d8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd3000 cbPeb=0x380
5591324.18d8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076cd0000 uNtDllChildAddr=0000000076cd0000
5601324.18d8: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076cfa0e0
5611324.18d8: supR3HardenedWinSetupChildInit: Start child.
5621324.18d8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
5631324.18d8: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 64 sleeps
5641324.18d8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5651324.18d8: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
5661324.18d8: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
5671324.18d8: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
5681324.18d8: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
5691324.18d8: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
5701324.18d8: 0000000000041000-fffffffffff71fff 0x0001/0x0000 0x0000000
5711324.18d8: *0000000000110000-0000000000013fff 0x0000/0x0004 0x0020000
5721324.18d8: 000000000020c000-0000000000209fff 0x0104/0x0004 0x0020000
5731324.18d8: 000000000020e000-000000000020bfff 0x0004/0x0004 0x0020000
5741324.18d8: 0000000000210000-ffffffff8974ffff 0x0001/0x0000 0x0000000
5751324.18d8: *0000000076cd0000-0000000076cd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
5761324.18d8: 0000000076cd1000-0000000076dcdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
5771324.18d8: 0000000076dce000-0000000076dfcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
5781324.18d8: 0000000076dfd000-0000000076e06fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
5791324.18d8: 0000000076e07000-0000000076e07fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
5801324.18d8: 0000000076e08000-0000000076e0afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
5811324.18d8: 0000000076e0b000-0000000076e79fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
5821324.18d8: 0000000076e7a000-000000006ed13fff 0x0001/0x0000 0x0000000
5831324.18d8: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
5841324.18d8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
5851324.18d8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
5861324.18d8: 000000007fff0000-ffffffffc0d3ffff 0x0001/0x0000 0x0000000
5871324.18d8: *000000013f2a0000-000000013f2a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
5881324.18d8: 000000013f2a1000-000000013f310fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
5891324.18d8: 000000013f311000-000000013f311fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
5901324.18d8: 000000013f312000-000000013f356fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
5911324.18d8: 000000013f357000-000000013f357fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
5921324.18d8: 000000013f358000-000000013f358fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
5931324.18d8: 000000013f359000-000000013f35dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
5941324.18d8: 000000013f35e000-000000013f35efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
5951324.18d8: 000000013f35f000-000000013f35ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
5961324.18d8: 000000013f360000-000000013f363fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
5971324.18d8: 000000013f364000-000000013f3abfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
5981324.18d8: 000000013f3ac000-fffff8037f767fff 0x0001/0x0000 0x0000000
5991324.18d8: *000007fefeff0000-000007fefeff0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\apisetschema.dll
6001324.18d8: 000007fefeff1000-000007fdfe031fff 0x0001/0x0000 0x0000000
6011324.18d8: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
6021324.18d8: *000007fffffd3000-000007fffffd1fff 0x0004/0x0004 0x0020000
6031324.18d8: 000007fffffd4000-000007fffffc9fff 0x0001/0x0000 0x0000000
6041324.18d8: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
6051324.18d8: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
6061324.18d8: apisetschema.dll: timestamp 0x5708a835 (rc=VINF_SUCCESS)
6071324.18d8: VirtualBox.exe: timestamp 0x5772960f (rc=VINF_SUCCESS)
6081324.18d8: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
6091324.18d8: '\Device\HarddiskVolume5\Windows\System32\apisetschema.dll' has no imports
6101324.18d8: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
6111324.18d8: supR3HardNtChildPurify: Done after 536 ms and 0 fixes (loop #0).
6121324.18d8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000290000 LB 0x400000)
613428.1748: Log file opened: 5.0.24r108355 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
6141324.18d8: supR3HardNtEnableThreadCreation:
615428.1748: supR3HardenedVmProcessInit: uNtDllAddr=0000000076cd0000 g_uNtVerCombined=0x611db100
616428.1748: ntdll.dll: timestamp 0x5708a857 (rc=VINF_SUCCESS)
617428.1748: New simple heap: #1 0000000000310000 LB 0x400000 (for 1744896 allocation)
618428.1748: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
619428.1748: System32: \Device\HarddiskVolume5\Windows\System32
620428.1748: WinSxS: \Device\HarddiskVolume5\Windows\winsxs
621428.1748: KnownDllPath: C:\Windows\system32
622428.1748: supR3HardenedVmProcessInit: Opening vboxdrv...
623428.1748: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
624428.1748: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
625428.1748: Registered Dll notification callback with NTDLL.
626428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
627428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll
628428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
629428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
630428.1748: supR3HardenedDllNotificationCallback: load 0000000076bb0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
631428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
632428.1748: supR3HardenedDllNotificationCallback: load 000007fefcc30000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
633428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
634428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
635428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076bb0000 'C:\Windows\system32\kernel32.dll'
636428.1748: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076cfa0e0 pvNtTerminateThread=0000000076d1c060
6371324.18d8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 42 ms.
638428.1748: \SystemRoot\System32\ntdll.dll:
639428.1748: CreationTime: 2016-05-12T08:49:31.020038900Z
640428.1748: LastWriteTime: 2016-04-09T06:59:27.660769000Z
641428.1748: ChangeTime: 2016-05-22T14:53:02.144415400Z
642428.1748: FileAttributes: 0x20
643428.1748: Size: 0x1a7100
644428.1748: NT Headers: 0xe0
645428.1748: Timestamp: 0x5708a857
646428.1748: Machine: 0x8664 - amd64
647428.1748: Timestamp: 0x5708a857
648428.1748: Image Version: 6.1
649428.1748: SizeOfImage: 0x1aa000 (1744896)
650428.1748: Resource Dir: 0x14e000 LB 0x5a028
651428.1748: ProductName: Microsoft® Windows® Operating System
652428.1748: ProductVersion: 6.1.7601.23418
653428.1748: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
654428.1748: FileDescription: NT Layer DLL
655428.1748: \SystemRoot\System32\kernel32.dll:
656428.1748: CreationTime: 2016-05-12T08:49:30.552038100Z
657428.1748: LastWriteTime: 2016-04-09T06:57:53.879000000Z
658428.1748: ChangeTime: 2016-05-22T14:53:02.316015700Z
659428.1748: FileAttributes: 0x20
660428.1748: Size: 0x11c000
661428.1748: NT Headers: 0xe0
662428.1748: Timestamp: 0x5708a89b
663428.1748: Machine: 0x8664 - amd64
664428.1748: Timestamp: 0x5708a89b
665428.1748: Image Version: 6.1
666428.1748: SizeOfImage: 0x11f000 (1175552)
667428.1748: Resource Dir: 0x116000 LB 0x528
668428.1748: ProductName: Microsoft® Windows® Operating System
669428.1748: ProductVersion: 6.1.7601.23418
670428.1748: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
671428.1748: FileDescription: Windows NT BASE API Client DLL
672428.1748: \SystemRoot\System32\KernelBase.dll:
673428.1748: CreationTime: 2016-05-12T08:49:30.583238100Z
674428.1748: LastWriteTime: 2016-04-09T06:57:53.879000000Z
675428.1748: ChangeTime: 2016-05-22T14:53:02.316015700Z
676428.1748: FileAttributes: 0x20
677428.1748: Size: 0x66800
678428.1748: NT Headers: 0xe8
679428.1748: Timestamp: 0x5708a89c
680428.1748: Machine: 0x8664 - amd64
681428.1748: Timestamp: 0x5708a89c
682428.1748: Image Version: 6.1
683428.1748: SizeOfImage: 0x6a000 (434176)
684428.1748: Resource Dir: 0x68000 LB 0x530
685428.1748: ProductName: Microsoft® Windows® Operating System
686428.1748: ProductVersion: 6.1.7601.23418
687428.1748: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
688428.1748: FileDescription: Windows NT BASE API Client DLL
689428.1748: \SystemRoot\System32\apisetschema.dll:
690428.1748: CreationTime: 2016-05-12T08:49:30.021637100Z
691428.1748: LastWriteTime: 2016-04-09T06:57:48.684000000Z
692428.1748: ChangeTime: 2016-05-22T14:53:02.128815300Z
693428.1748: FileAttributes: 0x20
694428.1748: Size: 0x1a00
695428.1748: NT Headers: 0xc0
696428.1748: Timestamp: 0x5708a835
697428.1748: Machine: 0x8664 - amd64
698428.1748: Timestamp: 0x5708a835
699428.1748: Image Version: 6.1
700428.1748: SizeOfImage: 0x50000 (327680)
701428.1748: Resource Dir: 0x30000 LB 0x3f8
702428.1748: ProductName: Microsoft® Windows® Operating System
703428.1748: ProductVersion: 6.1.7601.23418
704428.1748: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
705428.1748: FileDescription: ApiSet Schema DLL
706428.1748: NtOpenDirectoryObject failed on \Driver: 0xc0000022
707428.1748: supR3HardenedWinFindAdversaries: 0x40
708428.1748: \SystemRoot\System32\drivers\kl1.sys:
709428.1748: CreationTime: 2015-06-29T14:37:48.000000000Z
710428.1748: LastWriteTime: 2016-03-23T09:51:14.143447700Z
711428.1748: ChangeTime: 2016-03-23T09:51:18.002668500Z
712428.1748: FileAttributes: 0x20
713428.1748: Size: 0x74cb8
714428.1748: NT Headers: 0xe8
715428.1748: Timestamp: 0x558314c5
716428.1748: Machine: 0x8664 - amd64
717428.1748: Timestamp: 0x558314c5
718428.1748: Image Version: 0.0
719428.1748: SizeOfImage: 0x762000 (7741440)
720428.1748: Resource Dir: 0x760000 LB 0x448
721428.1748: ProductName: Kaspersky Anti-Virus
722428.1748: ProductVersion: 6.0.1.990
723428.1748: FileVersion: 6.8.0.54
724428.1748: FileDescription: Kaspersky Unified Driver
725428.1748: \SystemRoot\System32\drivers\klflt.sys:
726428.1748: CreationTime: 2016-03-23T09:41:26.884683500Z
727428.1748: LastWriteTime: 2015-06-29T14:37:48.000000000Z
728428.1748: ChangeTime: 2016-03-23T09:41:30.082689100Z
729428.1748: FileAttributes: 0x20
730428.1748: Size: 0x270d8
731428.1748: NT Headers: 0xf8
732428.1748: Timestamp: 0x55167906
733428.1748: Machine: 0x8664 - amd64
734428.1748: Timestamp: 0x55167906
735428.1748: Image Version: 6.0
736428.1748: SizeOfImage: 0x35000 (217088)
737428.1748: Resource Dir: 0x33000 LB 0x370
738428.1748: ProductName: Kaspersky™ Anti-Virus ®
739428.1748: ProductVersion: 1.7.0.20
740428.1748: FileVersion: 1.7.0.20
741428.1748: FileDescription: Filter Core [fre_wlh_x64]
742428.1748: \SystemRoot\System32\drivers\klif.sys:
743428.1748: CreationTime: 2016-03-23T09:41:26.869083400Z
744428.1748: LastWriteTime: 2016-06-03T05:46:22.272960700Z
745428.1748: ChangeTime: 2016-06-03T05:46:32.303778200Z
746428.1748: FileAttributes: 0x20
747428.1748: Size: 0xcdfb0
748428.1748: NT Headers: 0x108
749428.1748: Timestamp: 0x570cdf7e
750428.1748: Machine: 0x8664 - amd64
751428.1748: Timestamp: 0x570cdf7e
752428.1748: Image Version: 6.0
753428.1748: SizeOfImage: 0xd3000 (864256)
754428.1748: Resource Dir: 0xd0000 LB 0x1538
755428.1748: ProductName: Kaspersky™ Anti-Virus ®
756428.1748: ProductVersion: 8.17.0.340
757428.1748: FileVersion: 8.17.0.340
758428.1748: FileDescription: Klif Mini-Filter [fre_wlh_x64]
759428.1748: \SystemRoot\System32\drivers\klim6.sys:
760428.1748: CreationTime: 2015-06-29T14:37:50.000000000Z
761428.1748: LastWriteTime: 2016-06-03T05:46:22.491361100Z
762428.1748: ChangeTime: 2016-06-03T05:46:32.428578400Z
763428.1748: FileAttributes: 0x20
764428.1748: Size: 0xc058
765428.1748: NT Headers: 0x100
766428.1748: Timestamp: 0x56d04684
767428.1748: Machine: 0x8664 - amd64
768428.1748: Timestamp: 0x56d04684
769428.1748: Image Version: 6.0
770428.1748: SizeOfImage: 0xa000 (40960)
771428.1748: Resource Dir: 0x8000 LB 0x488
772428.1748: ProductName: Kaspersky Anti-Virus
773428.1748: ProductVersion: 6.0.1.990
774428.1748: FileVersion: 8.0.0.105
775428.1748: FileDescription: Kaspersky Lab Intermediate Network Driver [fre_wlh_x64]
776428.1748: \SystemRoot\System32\drivers\klkbdflt.sys:
777428.1748: CreationTime: 2015-06-29T14:37:50.000000000Z
778428.1748: LastWriteTime: 2016-03-24T15:15:42.647173900Z
779428.1748: ChangeTime: 2016-06-03T05:46:38.138188400Z
780428.1748: FileAttributes: 0x20
781428.1748: Size: 0xbf70
782428.1748: NT Headers: 0x100
783428.1748: Timestamp: 0x553fe1b2
784428.1748: Machine: 0x8664 - amd64
785428.1748: Timestamp: 0x553fe1b2
786428.1748: Image Version: 6.0
787428.1748: SizeOfImage: 0xc000 (49152)
788428.1748: Resource Dir: 0xa000 LB 0x3a8
789428.1748: ProductName: Kaspersky™ Anti-Virus ®
790428.1748: ProductVersion: 8.15.0.49
791428.1748: FileVersion: 8.15.0.49
792428.1748: FileDescription: KLKBDFLT Keyboard Device Filter [fre_wlh_x64]
793428.1748: \SystemRoot\System32\drivers\klmouflt.sys:
794428.1748: CreationTime: 2015-06-29T14:37:50.000000000Z
795428.1748: LastWriteTime: 2016-03-24T15:15:42.787574100Z
796428.1748: ChangeTime: 2016-06-03T05:46:38.106988300Z
797428.1748: FileAttributes: 0x20
798428.1748: Size: 0xbb78
799428.1748: NT Headers: 0xf8
800428.1748: Timestamp: 0x553fe0ef
801428.1748: Machine: 0x8664 - amd64
802428.1748: Timestamp: 0x553fe0ef
803428.1748: Image Version: 6.0
804428.1748: SizeOfImage: 0xc000 (49152)
805428.1748: Resource Dir: 0xa000 LB 0x3a8
806428.1748: ProductName: Kaspersky™ Anti-Virus ®
807428.1748: ProductVersion: 8.11.0.15
808428.1748: FileVersion: 8.11.0.15
809428.1748: FileDescription: KLMOUFLT Mouse Device Filter [fre_wlh_x64]
810428.1748: \SystemRoot\System32\drivers\kltdi.sys:
811428.1748: CreationTime: 2015-06-29T14:37:50.000000000Z
812428.1748: LastWriteTime: 2015-06-29T14:37:50.000000000Z
813428.1748: ChangeTime: 2016-06-03T05:46:38.028988200Z
814428.1748: FileAttributes: 0x20
815428.1748: Size: 0xfeb8
816428.1748: NT Headers: 0x100
817428.1748: Timestamp: 0x55782d65
818428.1748: Machine: 0x8664 - amd64
819428.1748: Timestamp: 0x55782d65
820428.1748: Image Version: 6.1
821428.1748: SizeOfImage: 0x10000 (65536)
822428.1748: Resource Dir: 0xe000 LB 0x3b8
823428.1748: ProductName: Kaspersky™ Anti-Virus ®
824428.1748: ProductVersion: 1.7.0.15
825428.1748: FileVersion: 1.7.0.15 built by: WinDDK
826428.1748: FileDescription: Network filtering component [fre_wnet_amd64]
827428.1748: \SystemRoot\System32\drivers\kneps.sys:
828428.1748: CreationTime: 2015-06-29T14:37:50.000000000Z
829428.1748: LastWriteTime: 2016-03-23T09:51:14.675478200Z
830428.1748: ChangeTime: 2016-03-23T09:51:18.028670000Z
831428.1748: FileAttributes: 0x20
832428.1748: Size: 0x2e8b8
833428.1748: NT Headers: 0x120
834428.1748: Timestamp: 0x55840fa4
835428.1748: Machine: 0x8664 - amd64
836428.1748: Timestamp: 0x55840fa4
837428.1748: Image Version: 6.1
838428.1748: SizeOfImage: 0x2e000 (188416)
839428.1748: Resource Dir: 0x2c000 LB 0x398
840428.1748: ProductName: Kaspersky™ Anti-Virus ®
841428.1748: ProductVersion: 5.7.0.45
842428.1748: FileVersion: 5.7.0.45 built by: WinDDK
843428.1748: FileDescription: KNEPS Power [fre_wnet_amd64]
844428.1748: \SystemRoot\System32\klfphc.dll:
845428.1748: CreationTime: 2016-03-23T09:41:35.636298700Z
846428.1748: LastWriteTime: 2013-05-06T07:13:26.000000000Z
847428.1748: ChangeTime: 2016-03-23T09:41:33.155894400Z
848428.1748: FileAttributes: 0x20
849428.1748: Size: 0x1ae60
850428.1748: NT Headers: 0xe8
851428.1748: Timestamp: 0x51873bf2
852428.1748: Machine: 0x8664 - amd64
853428.1748: Timestamp: 0x51873bf2
854428.1748: Image Version: 0.0
855428.1748: SizeOfImage: 0x1d000 (118784)
856428.1748: Resource Dir: 0x18000 LB 0x3c80
857428.1748: ProductName: Kaspersky™ Anti-Virus ®
858428.1748: ProductVersion: 1.0.0.12
859428.1748: FileVersion: 1.0.0.12
860428.1748: FileDescription: Filtering Platform Helper Class
861428.1748: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
862428.1748: Calling main()
863428.1748: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
864428.1748: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
865428.1748: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
866428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
867428.1748: SUPR3HardenedMain: Final process, opening VBoxDrv...
868428.1748: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000310000 LB 0x400000)
869428.1748: supR3HardNtEnableThreadCreation:
870428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
871428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
872428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020b821:<flags> [calling]
873428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
874428.1748: supR3HardenedDllNotificationCallback: load 000007fef2ca0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
875428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
876428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
877428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000208fa1:<flags> [calling]
878428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2ca0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
879428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
880428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000208fa1:<flags> [calling]
881428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2ca0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
882428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2ca0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
883428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
884428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
885428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
886428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
887428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\wintrust.dll)
888428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wintrust.dll
889428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
890428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
891428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll)
892428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
893428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
894428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
895428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\msasn1.dll)
896428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msasn1.dll
897428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
898428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume5\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
899428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
900428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
901428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\crypt32.dll)
902428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\crypt32.dll
903428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
904428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
905428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\msvcrt.dll)
906428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
907428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
908428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
909428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
910428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
911428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
912428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
913428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d631:<flags> [calling]
914428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
915428.1748: supR3HardenedDllNotificationCallback: load 000007fefca70000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
916428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
917428.1748: supR3HardenedDllNotificationCallback: load 000007fefed00000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
918428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
919428.1748: supR3HardenedDllNotificationCallback: load 000007fefcab0000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
920428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
921428.1748: supR3HardenedDllNotificationCallback: load 000007fefca60000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
922428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
923428.1748: supR3HardenedDllNotificationCallback: load 000007fefe100000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
924428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
925428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca70000 'C:\Windows\system32\Wintrust.dll'
926428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\bcrypt.dll)
927428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcrypt.dll
928428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d631:<flags> [calling]
929428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
930428.1748: supR3HardenedDllNotificationCallback: load 000007fefc3e0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
931428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
932428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3e0000 'C:\Windows\system32\bcrypt.dll'
933428.1748: bcrypt.dll loaded at 000007fefc3e0000, BCryptOpenAlgorithmProvider at 000007fefc3e2640, preloading providers:
934428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
935428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
936428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll)
937428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll
938428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
939428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
940428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
941428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
942428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
943428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
944428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
945428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\advapi32.dll)
946428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\advapi32.dll
947428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
948428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
949428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
950428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
951428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
952428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
953428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d621:<flags> [calling]
954428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
955428.1748: supR3HardenedDllNotificationCallback: load 000007fefbe80000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
956428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
957428.1748: supR3HardenedDllNotificationCallback: load 000007fefdf50000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
958428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
959428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
960428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
961428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\sechost.dll)
962428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll
963428.1748: supR3HardenedDllNotificationCallback: load 000007fefefc0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
964428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\sechost.dll [lacks WinVerifyTrust]
965428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe80000 'C:\Windows\system32\bcryptprimitives.dll'
966428.1748: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000080c3b0)
967428.1748: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000080cc40)
968428.1748: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000080cd60)
969428.1748: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000080cf70)
970428.1748: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000080d090)
971428.1748: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000080d1b0)
972428.1748: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000080d3f0)
973428.1748: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000080d510)
974428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\cryptsp.dll)
975428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptsp.dll
976428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
977428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
978428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
979428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
980428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
981428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
982428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d181:<flags> [calling]
983428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
984428.1748: supR3HardenedDllNotificationCallback: load 000007fefc290000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
985428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
986428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc290000 'C:\Windows\system32\CRYPTSP.dll'
987428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
988428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rsaenh.dll)
989428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
990428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
991428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
992428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
993428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d111:<flags> [calling]
994428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
995428.1748: supR3HardenedDllNotificationCallback: load 000007fefbf90000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
996428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
997428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf90000 'C:\Windows\system32\rsaenh.dll'
998428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
999428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c9a1:<flags> [calling]
1000428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf50000 'C:\Windows\system32\ADVAPI32.dll'
1001428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\cryptbase.dll)
1002428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptbase.dll
1003428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020cd21:<flags> [calling]
1004428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
1005428.1748: supR3HardenedDllNotificationCallback: load 000007fefc8f0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
1006428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
1007428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc8f0000 'C:\Windows\system32\CRYPTBASE.dll'
1008428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1009428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c751:<flags> [calling]
1010428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076bb0000 'C:\Windows\system32\kernel32.dll'
1011428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1012428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d0e1:<flags> [calling]
1013428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca70000 'C:\Windows\system32\WINTRUST.DLL'
1014428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1015428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020cf11:<flags> [calling]
1016428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcab0000 'C:\Windows\system32\CRYPT32.dll'
1017428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1018428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
1019428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\imagehlp.dll)
1020428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\imagehlp.dll
1021428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1022428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1023428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1024428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1025428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1026428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1027428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020cf61:<flags> [calling]
1028428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
1029428.1748: supR3HardenedDllNotificationCallback: load 000007fefded0000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
1030428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
1031428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefded0000 'C:\Windows\system32\imagehlp.dll'
1032428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
1033428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d0b1:<flags> [calling]
1034428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc290000 'C:\Windows\system32\CRYPTSP.dll'
1035428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1036428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\user32.dll)
1037428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\user32.dll
1038428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1039428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1040428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1041428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
1042428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\gdi32.dll)
1043428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gdi32.dll
1044428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
1045428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume5\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
1046428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1047428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1048428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
1049428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\lpk.dll)
1050428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\lpk.dll
1051428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1052428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1053428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
1054428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
1055428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume5\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
1056428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1057428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1058428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1059428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\usp10.dll)
1060428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\usp10.dll
1061428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1062428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1063428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
1064428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1065428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1066428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1067428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1068428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1069428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1070428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1071428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1072428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
1073428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1074428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1075428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1076428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020cbe1:<flags> [calling]
1077428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
1078428.1748: supR3HardenedDllNotificationCallback: load 0000000076ab0000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
1079428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
1080428.1748: supR3HardenedDllNotificationCallback: load 000007fefee40000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
1081428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1082428.1748: supR3HardenedDllNotificationCallback: load 000007fefe440000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
1083428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\lpk.dll [lacks WinVerifyTrust]
1084428.1748: supR3HardenedDllNotificationCallback: load 000007fefe030000 LB 0x000ca000 C:\Windows\system32\USP10.dll [fFlags=0x0]
1085428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\usp10.dll [lacks WinVerifyTrust]
1086428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1087428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c0e1:<flags> [calling]
1088428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee40000 'C:\Windows\system32\gdi32.dll'
1089428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1090428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1091428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
1092428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\imm32.dll)
1093428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\imm32.dll
1094428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
1095428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume5\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
1096428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1097428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1098428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1099428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
1100428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\msctf.dll)
1101428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msctf.dll
1102428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1103428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1104428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1105428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1106428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1107428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
1108428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1109428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1110428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1111428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1112428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1113428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1114428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1115428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1116428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
1117428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1118428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1119428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1120428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020ba21:<flags> [calling]
1121428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1122428.1748: supR3HardenedDllNotificationCallback: load 000007fefd110000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
1123428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1124428.1748: supR3HardenedDllNotificationCallback: load 000007fefeeb0000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
1125428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\msctf.dll [lacks WinVerifyTrust]
1126428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd110000 'C:\Windows\system32\IMM32.DLL'
1127428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ab0000 'C:\Windows\system32\USER32.dll'
1128428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
1129428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1130428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
1131428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\ncrypt.dll)
1132428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ncrypt.dll
1133428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1134428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1135428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1136428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1137428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1138428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1139428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1140428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1141428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1142428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020cee1:<flags> [calling]
1143428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
1144428.1748: supR3HardenedDllNotificationCallback: load 000007fefc410000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
1145428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
1146428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc410000 'C:\Windows\system32\ncrypt.dll'
1147428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1148428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020ccd1:<flags> [calling]
1149428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3e0000 'C:\Windows\system32\bcrypt.dll'
1150428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1151428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1152428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
1153428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\userenv.dll)
1154428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\userenv.dll
1155428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1156428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1157428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1158428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\profapi.dll)
1159428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\profapi.dll
1160428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1161428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1162428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1163428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1164428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1165428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1166428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1167428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1168428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1169428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c691:<flags> [calling]
1170428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1171428.1748: supR3HardenedDllNotificationCallback: load 000007fefcca0000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
1172428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1173428.1748: supR3HardenedDllNotificationCallback: load 000007fefca50000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
1174428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1175428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcca0000 'C:\Windows\system32\USERENV.dll'
1176428.1748: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c3f1:<flags> [calling]
1177428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefc0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1178428.1748: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c781:<flags> [calling]
1179428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefc0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1180428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1181428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1182428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\gpapi.dll)
1183428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gpapi.dll
1184428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1185428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1186428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1187428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1188428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1189428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1190428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c9b1:<flags> [calling]
1191428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1192428.1748: supR3HardenedDllNotificationCallback: load 000007fefbcb0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
1193428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1194428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbcb0000 'C:\Windows\system32\GPAPI.dll'
1195428.1748: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c901:<flags> [calling]
1196428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefc0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1197428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1198428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c001:<flags> [calling]
1199428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe100000 'C:\Windows\system32\rpcrt4.dll'
1200428.1748: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c8e1:<flags> [calling]
1201428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefc0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
1202428.1748: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c8f1:<flags> [calling]
1203428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefc0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1204428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1205428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1206428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
1207428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
1208428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\cryptnet.dll)
1209428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptnet.dll
1210428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
1211428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume5\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
1212428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1213428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\Wldap32.dll)
1214428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\Wldap32.dll
1215428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1216428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume5\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1217428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1218428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1219428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1220428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1221428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1222428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1223428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1224428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1225428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1226428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1227428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c3d1:<flags> [calling]
1228428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1229428.1748: supR3HardenedDllNotificationCallback: load 000007fef94b0000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
1230428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1231428.1748: supR3HardenedDllNotificationCallback: load 000007fefdef0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
1232428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
1233428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1234428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020b601:<flags> [calling]
1235428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94b0000 'C:\Windows\system32\cryptnet.dll'
1236428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1237428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020b601:<flags> [calling]
1238428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94b0000 'C:\Windows\system32\cryptnet.dll'
1239428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1240428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020b601:<flags> [calling]
1241428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94b0000 'C:\Windows\system32\cryptnet.dll'
1242428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1243428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020b601:<flags> [calling]
1244428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94b0000 'C:\Windows\system32\cryptnet.dll'
1245428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1246428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020b601:<flags> [calling]
1247428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94b0000 'C:\Windows\system32\cryptnet.dll'
1248428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1249428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020b601:<flags> [calling]
1250428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94b0000 'C:\Windows\system32\cryptnet.dll'
1251428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1252428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94b0000 'C:\Windows\system32\cryptnet.dll'
1253428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1254428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94b0000 'C:\Windows\system32\cryptnet.dll'
1255428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1256428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94b0000 'C:\Windows\system32\cryptnet.dll'
1257428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1258428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94b0000 'C:\Windows\system32\cryptnet.dll'
1259428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1260428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94b0000 'C:\Windows\system32\cryptnet.dll'
1261428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94b0000 'C:\Windows\system32\cryptnet.dll'
1262428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1263428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94b0000 'C:\Windows\system32\cryptnet.dll'
1264428.1748: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020bd61:<flags> [calling]
1265428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefc0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1266428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1267428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020bd61:<flags> [calling]
1268428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca50000 'C:\Windows\system32\profapi.dll'
1269428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1270428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1271428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1272428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\shlwapi.dll)
1273428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shlwapi.dll
1274428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1275428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1276428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1277428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1278428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1279428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
1280428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1281428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1282428.1748: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1283428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020b801:<flags> [calling]
1284428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1285428.1748: supR3HardenedDllNotificationCallback: load 000007fefec80000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
1286428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1287428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec80000 'C:\Windows\system32\SHLWAPI.dll'
1288428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1289428.1748: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000008916f0
1290428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1291428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2B2074603B390BFFDF065F1D99436E162DA01247
1292428.1748: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c6a1:<flags> [calling]
1293428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefc0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1294428.1748: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c201:<flags> [calling]
1295428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefc0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1296428.1748: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c201:<flags> [calling]
1297428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefc0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
1298428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1299428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c6a1:<flags> [calling]
1300428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf50000 'C:\Windows\system32\ADVAPI32.dll'
1301428.1748: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c651:<flags> [calling]
1302428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefc0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1303428.1748: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c341:<flags> [calling]
1304428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefc0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1305428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3153171~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
1306428.1748: g_pfnWinVerifyTrust=000007fefca71010
1307428.1748: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1308428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume5\Windows\System32\crypt32.dll
1309428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1310428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1311428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFD41401EDEBD4D914977D62B588ECABEE60CFD3
1312428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume5\Windows\System32\crypt32.dll'
1313428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1314428.1748: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\crypt32.dll'
1315428.1748: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1316428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume5\Windows\System32\wintrust.dll
1317428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1318428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1319428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1BBE4EB6D114F50142F24E2E2749EFD81021486
1320428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume5\Windows\System32\wintrust.dll'
1321428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1322428.1748: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\wintrust.dll'
1323428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume5\Windows\System32\shlwapi.dll
1324428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1325428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1326428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
1327428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume5\Windows\System32\shlwapi.dll'
1328428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1329428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll'
1330428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume5\Windows\System32\Wldap32.dll
1331428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1332428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1333428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
1334428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume5\Windows\System32\Wldap32.dll'
1335428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1336428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\Wldap32.dll'
1337428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume5\Windows\System32\cryptnet.dll
1338428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1339428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1340428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=756DC088EE40CF9369C990D71B200F3CB59FC35D
1341428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume5\Windows\System32\cryptnet.dll'
1342428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1343428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptnet.dll'
1344428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000025c pwszName=\Device\HarddiskVolume5\Windows\System32\gpapi.dll
1345428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1346428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1347428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
1348428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume5\Windows\System32\gpapi.dll'
1349428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1350428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\gpapi.dll'
1351428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume5\Windows\System32\profapi.dll
1352428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1353428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1354428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1355428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume5\Windows\System32\profapi.dll'
1356428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1357428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\profapi.dll'
1358428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume5\Windows\System32\userenv.dll
1359428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1360428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1361428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
1362428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume5\Windows\System32\userenv.dll'
1363428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1364428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\userenv.dll'
1365428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b0 pwszName=\Device\HarddiskVolume5\Windows\System32\ncrypt.dll
1366428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1367428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1368428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FA6C78B48808A11F656C6382967A87EE5F0C60CB
1369428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3153171~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume5\Windows\System32\ncrypt.dll'
1370428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1371428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\ncrypt.dll'
1372428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume5\Windows\System32\msctf.dll
1373428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1374428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1375428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
1376428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume5\Windows\System32\msctf.dll'
1377428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1378428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msctf.dll'
1379428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume5\Windows\System32\imm32.dll
1380428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1381428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1382428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1383428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume5\Windows\System32\imm32.dll'
1384428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1385428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\imm32.dll'
1386428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume5\Windows\System32\usp10.dll
1387428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1388428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1389428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31498ABFB06219E83141E0AA8B2A55C4CECFD033
1390428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3108670~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume5\Windows\System32\usp10.dll'
1391428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1392428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\usp10.dll'
1393428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume5\Windows\System32\lpk.dll
1394428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1395428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1396428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCB0DC67293B86DEC2E849DF18F94623D95746BD
1397428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3140735~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume5\Windows\System32\lpk.dll'
1398428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1399428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\lpk.dll'
1400428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume5\Windows\System32\gdi32.dll
1401428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1402428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1403428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C3BF69549BDB242E116BF9BD19A15FAF340EEB3D
1404428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3156013~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume5\Windows\System32\gdi32.dll'
1405428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1406428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'
1407428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume5\Windows\System32\user32.dll
1408428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1409428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1410428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=94AFB7B548C6C2376C6AEE4ECE2FA09C90F5FD4B
1411428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB3109094~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume5\Windows\System32\user32.dll'
1412428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1413428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\user32.dll'
1414428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume5\Windows\System32\imagehlp.dll
1415428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1416428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1417428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
1418428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume5\Windows\System32\imagehlp.dll'
1419428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1420428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\imagehlp.dll'
1421428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000134 pwszName=\Device\HarddiskVolume5\Windows\System32\cryptbase.dll
1422428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1423428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1424428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391E0BDCC5481CE14D37936229ADC9D33B79EFD3
1425428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3153171~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume5\Windows\System32\cryptbase.dll'
1426428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1427428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptbase.dll'
1428428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\rsaenh.dll'
1429428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume5\Windows\System32\cryptsp.dll
1430428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1431428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1432428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
1433428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume5\Windows\System32\cryptsp.dll'
1434428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1435428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptsp.dll'
1436428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume5\Windows\System32\sechost.dll
1437428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1438428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1439428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
1440428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume5\Windows\System32\sechost.dll'
1441428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1442428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\sechost.dll'
1443428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume5\Windows\System32\advapi32.dll
1444428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1445428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1446428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=39D43404454E9187689A82DF7C071193F419224E
1447428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_150_for_KB3153171~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume5\Windows\System32\advapi32.dll'
1448428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1449428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\advapi32.dll'
1450428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll'
1451428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume5\Windows\System32\bcrypt.dll
1452428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1453428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1454428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1455428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume5\Windows\System32\bcrypt.dll'
1456428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1457428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll'
1458428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume5\Windows\System32\msvcrt.dll
1459428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1460428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1461428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1462428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume5\Windows\System32\msvcrt.dll'
1463428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1464428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll'
1465428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume5\Windows\System32\msasn1.dll
1466428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1467428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1468428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1469428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume5\Windows\System32\msasn1.dll'
1470428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1471428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msasn1.dll'
1472428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
1473428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1474428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1475428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1CC6C4B6B676C1C67B5E7843BCC90CBA9F7DD88D
1476428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3153171~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll'
1477428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1478428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll'
1479428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1480428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume5\Windows\System32\KernelBase.dll
1481428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1482428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1483428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7692F3D670BDC0FC9E32BAA19C7AB6DDD55F2067
1484428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3153171~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume5\Windows\System32\KernelBase.dll'
1485428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1486428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\KernelBase.dll'
1487428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume5\Windows\System32\kernel32.dll
1488428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1489428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1490428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CD16A55718A266ABD00ED5A81A94217318BED5ED
1491428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3153171~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume5\Windows\System32\kernel32.dll'
1492428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1493428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\kernel32.dll'
1494428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
1495428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c151:<flags> [calling]
1496428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcab0000 'C:\Windows\system32\crypt32.dll'
1497428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1498428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1499428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1500428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1501428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1502428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1503428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x69fcf6527721fc00 O=Kaspersky Lab ZAO, CN=Kaspersky Anti-Virus Personal Root Certificate
1504428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1505428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1506428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1507428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1508428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1509428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1510428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1511428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1512428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1513428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1514428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1515428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1516428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0xb3d6d6c9f168c800 C=FR, O=Dhimyotis, CN=Certigna
1517428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
1518428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1519428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1520428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1521428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1522428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1523428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1524428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
1525428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1526428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1527428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1528428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1529428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1530428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1531428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1532428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
1533428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1534428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1535428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1536428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1537428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1538428.1748: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1539428.1748: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=42
1540428.1748: SUPR3HardenedMain: Load Runtime...
1541428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1542428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1543428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1544428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1545428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1546428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1547428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1548428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1549428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
1550428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1551428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1552428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000438 pwszName=\Device\HarddiskVolume5\Windows\System32\ws2_32.dll
1553428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1554428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1555428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1556428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume5\Windows\System32\ws2_32.dll'
1557428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1558428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1559428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1560428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1561428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ws2_32.dll) WinVerifyTrust
1562428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
1563428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1564428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1565428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1566428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1567428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
1568428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1569428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1570428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1571428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
1572428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1573428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1574428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
1575428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1576428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume5\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1577428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000043c pwszName=\Device\HarddiskVolume5\Windows\System32\nsi.dll
1578428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1579428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1580428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1581428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume5\Windows\System32\nsi.dll'
1582428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1583428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\nsi.dll) WinVerifyTrust
1584428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\nsi.dll
1585428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1586428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1587428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
1588428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1589428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1590428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
1591428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c471:<flags> [calling]
1592428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1593428.1748: supR3HardenedDllNotificationCallback: load 000007feecae0000 LB 0x0050f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1594428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1595428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
1596428.1748: supR3HardenedDllNotificationCallback: load 0000000057340000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1597428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
1598428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
1599428.1748: supR3HardenedDllNotificationCallback: load 00000000572a0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1600428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
1601428.1748: supR3HardenedDllNotificationCallback: load 000007fefe780000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1602428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
1603428.1748: supR3HardenedDllNotificationCallback: load 000007fefce10000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1604428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\nsi.dll
1605428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1606428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209bb1:<flags> [calling]
1607428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1608428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1609428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209bb1:<flags> [calling]
1610428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1611428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1612428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209bb1:<flags> [calling]
1613428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1614428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1615428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209bb1:<flags> [calling]
1616428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1617428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1618428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209bb1:<flags> [calling]
1619428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1620428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1621428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209bb1:<flags> [calling]
1622428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1623428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1624428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1625428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1626428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1627428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1628428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1629428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1630428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1631428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209bb1:<flags> [calling]
1632428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1633428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1634428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1635428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1636428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1637428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1638428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1639428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1640428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1641428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1642428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1643428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1644428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1645428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1646428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1647428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1648428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
1649428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209bb1:<flags> [calling]
1650428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1651428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1652428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1653428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1654428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll
1655428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020dfd1:<flags> [calling]
1656428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca70000 'C:\Windows\system32\Wintrust.dll'
1657428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
1658428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020cb31:<flags> [calling]
1659428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcab0000 'C:\Windows\system32\crypt32.dll'
1660428.1748: SUPR3HardenedMain: Load TrustedMain...
1661428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1662428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1663428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1664428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1665428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1666428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
1667428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtopenglvbox4.dll'.
1668428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1669428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1670428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
1671428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shell32.dll'.
1672428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'.
1673428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'.
1674428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmm.dll'.
1675428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1676428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll
1677428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1678428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1679428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume5\Windows\System32\winmm.dll
1680428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1681428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1682428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1683428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume5\Windows\System32\winmm.dll'
1684428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1685428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1686428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1687428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winmm.dll) WinVerifyTrust
1688428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winmm.dll
1689428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1690428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1691428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume5\Windows\System32\oleaut32.dll
1692428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1693428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1694428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C3BC5EE6972BF0BFEF4A099CB82428B9B682CAD7
1695428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3139940~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume5\Windows\System32\oleaut32.dll'
1696428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1697428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1698428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1699428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1700428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1701428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1702428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\oleaut32.dll) WinVerifyTrust
1703428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
1704428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1705428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1706428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume5\Windows\System32\ole32.dll
1707428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1708428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1709428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=796B1965C19A0614793EA3630408324B2CFA32D2
1710428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3146706~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume5\Windows\System32\ole32.dll'
1711428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1712428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1713428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1714428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1715428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1716428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ole32.dll) WinVerifyTrust
1717428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ole32.dll
1718428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1719428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1720428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume5\Windows\System32\shell32.dll
1721428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1722428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1723428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=099C901656A370A7121E2F44A89052BDA6B504DB
1724428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_41_for_KB3123862~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume5\Windows\System32\shell32.dll'
1725428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1726428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1727428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1728428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1729428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1730428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shell32.dll) WinVerifyTrust
1731428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shell32.dll
1732428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1733428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1734428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
1735428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1736428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1737428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll
1738428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1739428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1740428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1741428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1742428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1743428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1744428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1745428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1746428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1747428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1748428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
1749428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1750428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1751428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1752428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1753428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1754428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1755428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1756428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1757428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1758428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1759428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1760428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1761428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1762428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1763428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1764428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1765428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
1766428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1767428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1768428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1769428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1770428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1771428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1772428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1773428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1774428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1775428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) WinVerifyTrust
1776428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1777428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1778428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1779428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
1780428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1781428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1782428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
1783428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1784428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1785428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1786428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1787428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume5\Windows\System32\opengl32.dll
1788428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1789428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1790428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1791428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume5\Windows\System32\opengl32.dll'
1792428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1793428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1794428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1795428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1796428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1797428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1798428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1799428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\opengl32.dll) WinVerifyTrust
1800428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\opengl32.dll
1801428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1802428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1803428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1804428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume5\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1805428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume5\Windows\System32\ddraw.dll
1806428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1807428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1808428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1809428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume5\Windows\System32\ddraw.dll'
1810428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1811428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1812428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1813428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1814428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1815428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1816428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1817428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ddraw.dll) WinVerifyTrust
1818428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ddraw.dll
1819428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1820428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume5\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1821428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume5\Windows\System32\glu32.dll
1822428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1823428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1824428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1825428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume5\Windows\System32\glu32.dll'
1826428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1827428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1828428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1829428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1830428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\glu32.dll) WinVerifyTrust
1831428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\glu32.dll
1832428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1833428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1834428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1835428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1836428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
1837428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1838428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1839428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1840428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1841428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
1842428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1843428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1844428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
1845428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1846428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1847428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
1848428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1849428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1850428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
1851428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1852428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1853428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
1854428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1855428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1856428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1857428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1858428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
1859428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1860428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1861428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
1862428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1863428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1864428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1865428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1866428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1867428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
1868428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1869428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1870428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1871428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1872428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1873428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1874428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
1875428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1876428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume5\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1877428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004dc pwszName=\Device\HarddiskVolume5\Windows\System32\winspool.drv
1878428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1879428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1880428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1881428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume5\Windows\System32\winspool.drv'
1882428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1883428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1884428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1885428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1886428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winspool.drv) WinVerifyTrust
1887428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winspool.drv
1888428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1889428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1890428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
1891428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1892428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1893428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll
1894428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1895428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1896428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
1897428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1898428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1899428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b4 pwszName=\Device\HarddiskVolume5\Windows\System32\comdlg32.dll
1900428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1901428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1902428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1903428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume5\Windows\System32\comdlg32.dll'
1904428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1905428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1906428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1907428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1908428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1909428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1910428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1911428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\comdlg32.dll) WinVerifyTrust
1912428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\comdlg32.dll
1913428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1914428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1915428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1916428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1917428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
1918428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1919428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1920428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1921428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1922428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1923428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1924428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1925428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1926428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1927428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1928428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1929428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1930428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll
1931428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1932428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1933428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1934428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1935428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1936428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1937428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shlwapi.dll
1938428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1939428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1940428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1941428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1942428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1943428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1944428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1945428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1946428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1947428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1948428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1949428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1950428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1951428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1952428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll
1953428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1954428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1955428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1956428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1957428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1958428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1959428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
1960428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1961428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1962428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1963428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1964428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1965428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1966428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
1967428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1968428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1969428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume5\Windows\System32\comctl32.dll
1970428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
1971428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
1972428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
1973428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume5\Windows\System32\comctl32.dll'
1974428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1975428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1976428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1977428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1978428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\comctl32.dll) WinVerifyTrust
1979428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\comctl32.dll
1980428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1981428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1982428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1983428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1984428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1985428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1986428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shlwapi.dll
1987428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1988428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1989428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1990428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1991428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1992428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1993428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll
1994428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1995428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1996428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1997428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1998428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1999428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
2000428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll
2001428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2002428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2003428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
2004428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
2005428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ec pwszName=\Device\HarddiskVolume5\Windows\System32\dwmapi.dll
2006428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
2007428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
2008428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
2009428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume5\Windows\System32\dwmapi.dll'
2010428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2011428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2012428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2013428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2014428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\dwmapi.dll) WinVerifyTrust
2015428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dwmapi.dll
2016428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2017428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2018428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume5\Windows\System32\setupapi.dll
2019428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
2020428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
2021428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
2022428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume5\Windows\System32\setupapi.dll'
2023428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2024428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
2025428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
2026428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
2027428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2028428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
2029428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
2030428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
2031428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\setupapi.dll) WinVerifyTrust
2032428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\setupapi.dll
2033428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2034428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2035428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
2036428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume5\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
2037428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f8 pwszName=\Device\HarddiskVolume5\Windows\System32\dciman32.dll
2038428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
2039428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
2040428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B836812C25D9B41A17EC3FB9DFD521994AD2302
2041428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3140735~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume5\Windows\System32\dciman32.dll'
2042428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2043428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2044428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
2045428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2046428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\dciman32.dll) WinVerifyTrust
2047428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dciman32.dll
2048428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2049428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2050428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2051428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2052428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2053428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2054428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2055428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2056428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2057428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2058428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
2059428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume5\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
2060428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000504 pwszName=\Device\HarddiskVolume5\Windows\System32\devobj.dll
2061428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
2062428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
2063428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
2064428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume5\Windows\System32\devobj.dll'
2065428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2066428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2067428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
2068428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\devobj.dll) WinVerifyTrust
2069428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\devobj.dll
2070428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2071428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2072428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
2073428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2074428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2075428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2076428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2077428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2078428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2079428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2080428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2081428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2082428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2083428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000510 pwszName=\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll
2084428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
2085428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
2086428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
2087428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll'
2088428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2089428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2090428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2091428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2092428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll) WinVerifyTrust
2093428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll
2094428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2095428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2096428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2097428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2098428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2099428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2100428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2101428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2102428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2103428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2104428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2105428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2106428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2107428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2108428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2109428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2110428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2111428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2112428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2113428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2114428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll
2115428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2116428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2117428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c481:<flags> [calling]
2118428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll
2119428.1748: supR3HardenedDllNotificationCallback: load 000007feec220000 LB 0x008c0000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
2120428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.dll
2121428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll
2122428.1748: supR3HardenedDllNotificationCallback: load 000007feed2d0000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
2123428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\opengl32.dll
2124428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\glu32.dll
2125428.1748: supR3HardenedDllNotificationCallback: load 000007fef0840000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
2126428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\glu32.dll
2127428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ddraw.dll
2128428.1748: supR3HardenedDllNotificationCallback: load 000007feed1d0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
2129428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ddraw.dll
2130428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dciman32.dll
2131428.1748: supR3HardenedDllNotificationCallback: load 000007fef2c90000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
2132428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dciman32.dll
2133428.1748: supR3HardenedDllNotificationCallback: load 000007fefeaa0000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
2134428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\setupapi.dll
2135428.1748: supR3HardenedDllNotificationCallback: load 000007fefcdd0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
2136428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll
2137428.1748: supR3HardenedDllNotificationCallback: load 000007fefcfb0000 LB 0x000d8000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
2138428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
2139428.1748: supR3HardenedDllNotificationCallback: load 000007fefe230000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
2140428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
2141428.1748: supR3HardenedDllNotificationCallback: load 000007fefccd0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
2142428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\devobj.dll
2143428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll
2144428.1748: supR3HardenedDllNotificationCallback: load 000007fefabf0000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
2145428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll
2146428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
2147428.1748: supR3HardenedDllNotificationCallback: load 0000000056fc0000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
2148428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
2149428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
2150428.1748: supR3HardenedDllNotificationCallback: load 0000000056240000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
2151428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
2152428.1748: supR3HardenedDllNotificationCallback: load 000007fefeda0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
2153428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\comdlg32.dll
2154428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2155428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2156428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2157428.1748: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
2158428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
2159428.1748: supR3HardenedDllNotificationCallback: load 000007fef8e40000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
2160428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
2161428.1748: supR3HardenedDllNotificationCallback: load 000007fefd140000 LB 0x00d8a000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
2162428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
2163428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
2164428.1748: supR3HardenedDllNotificationCallback: load 000007fefa960000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
2165428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
2166428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winspool.drv
2167428.1748: supR3HardenedDllNotificationCallback: load 000007fef8890000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
2168428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winspool.drv
2169428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
2170428.1748: supR3HardenedDllNotificationCallback: load 0000000056ee0000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
2171428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
2172428.1748: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume5\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
2173428.1748: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
2174428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll
2175428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2176428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2177428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2178428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2179428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2180428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2181428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020ba51:<flags> [calling]
2182428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd110000 'C:\Windows\system32\imm32.dll'
2183428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec220000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
2184428.1748: SUPR3HardenedMain: Calling TrustedMain (000007feec221020)...
2185428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
2186428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020f111:<flags> [calling]
2187428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa960000 'C:\Windows\system32\winmm.dll'
2188428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005a0 pwszName=\Device\HarddiskVolume5\Windows\System32\uxtheme.dll
2189428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
2190428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
2191428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
2192428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'
2193428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2194428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2195428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2196428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
2197428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\uxtheme.dll) WinVerifyTrust
2198428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
2199428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2200428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2201428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2202428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2203428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2204428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2205428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e931:<flags> [calling]
2206428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
2207428.1748: supR3HardenedDllNotificationCallback: load 000007fefafd0000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
2208428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
2209428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafd0000 'C:\Windows\system32\uxtheme.dll'
2210428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
2211428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e371:<flags> [calling]
2212428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafd0000 'C:\Windows\system32\uxtheme.dll'
2213428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
2214428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e0e1:<flags> [calling]
2215428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafd0000 'C:\Windows\system32\uxtheme.dll'
2216428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
2217428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e0e1:<flags> [calling]
2218428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafd0000 'C:\Windows\system32\uxtheme.dll'
2219428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll
2220428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e5a1:<flags> [calling]
2221428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefabf0000 'C:\Windows\system32\dwmapi.dll'
2222428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptbase.dll
2223428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020edc1:<flags> [calling]
2224428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc8f0000 'C:\Windows\system32\CRYPTBASE.dll'
2225428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
2226428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020ef71:<flags> [calling]
2227428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd140000 'C:\Windows\system32\shell32.dll'
2228428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll
2229428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020eec1:<flags> [calling]
2230428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076bb0000 'C:\Windows\system32\kernel32.dll'
2231428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
2232428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020ef41:<flags> [calling]
2233428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafd0000 'C:\Windows\system32\uxtheme.dll'
2234428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
2235428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020efb1:<flags> [calling]
2236428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafd0000 'C:\Windows\system32\uxtheme.dll'
2237428.1748: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2238428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020f0d1:<flags> [calling]
2239428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2240428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ab0000 'C:\Windows\system32\user32.dll'
2241428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
2242428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020f121:<flags> [calling]
2243428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafd0000 'C:\Windows\system32\uxtheme.dll'
2244428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ab0000 'C:\Windows\system32\user32.dll'
2245428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf50000 'C:\Windows\system32\advapi32.dll'
2246428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\userenv.dll
2247428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020ef81:<flags> [calling]
2248428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcca0000 'C:\Windows\system32\userenv.dll'
2249428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll
2250428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020ef81:<flags> [calling]
2251428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076bb0000 'C:\Windows\system32\kernel32.dll'
2252428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000600 pwszName=\Device\HarddiskVolume5\Windows\System32\clbcatq.dll
2253428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
2254428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
2255428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
2256428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume5\Windows\System32\clbcatq.dll'
2257428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2258428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2259428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2260428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2261428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2262428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2263428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2264428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\clbcatq.dll) WinVerifyTrust
2265428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\clbcatq.dll
2266428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2267428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2268428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2269428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2270428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
2271428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2272428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2273428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2274428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2275428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2276428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2277428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
2278428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2279428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2280428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
2281428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020bf61:<flags> [calling]
2282428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\clbcatq.dll
2283428.1748: supR3HardenedDllNotificationCallback: load 000007fefe6e0000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
2284428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\clbcatq.dll
2285428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe6e0000 'C:\Windows\system32\CLBCatQ.DLL'
2286428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf50000 'C:\Windows\system32\ADVAPI32.dll'
2287428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptsp.dll
2288428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020ad51:<flags> [calling]
2289428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc290000 'C:\Windows\system32\CRYPTSP.dll'
2290428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000620 pwszName=\Device\HarddiskVolume5\Windows\System32\RpcRtRemote.dll
2291428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
2292428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
2293428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
2294428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume5\Windows\System32\RpcRtRemote.dll'
2295428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2296428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2297428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
2298428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\RpcRtRemote.dll
2299428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2300428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2301428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020a921:<flags> [calling]
2302428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\RpcRtRemote.dll
2303428.1748: supR3HardenedDllNotificationCallback: load 000007fefc9a0000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
2304428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\RpcRtRemote.dll
2305428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc9a0000 'C:\Windows\system32\RpcRtRemote.dll'
2306428.1a94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2307428.1a94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2308428.1a94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2309428.1a94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2310428.1a94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2311428.1a94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2312428.1a94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2313428.1a94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
2314428.1a94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2315428.1a94: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2316428.1a94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
2317428.1a94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2318428.1a94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2319428.1a94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
2320428.1a94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2321428.1a94: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2322428.1a94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
2323428.1a94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2324428.1a94: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2325428.1a94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2326428.1a94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2327428.1a94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
2328428.1a94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2329428.1a94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2330428.1a94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
2331428.1a94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000048ae4e1:<flags> [calling]
2332428.1a94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
2333428.1a94: supR3HardenedDllNotificationCallback: load 000007feebd20000 LB 0x004ff000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2334428.1a94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
2335428.1a94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebd20000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2336428.1a94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
2337428.1a94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000048ad061:<flags> [calling]
2338428.1a94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfb0000 'C:\Windows\system32\oleaut32.dll'
2339428.1a94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000680 pwszName=\Device\HarddiskVolume5\Windows\System32\sxs.dll
2340428.1a94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
2341428.1a94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
2342428.1a94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
2343428.1a94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume5\Windows\System32\sxs.dll'
2344428.1a94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2345428.1a94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sxs.dll) WinVerifyTrust
2346428.1a94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sxs.dll
2347428.1a94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000048ad611:<flags> [calling]
2348428.1a94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sxs.dll
2349428.1a94: supR3HardenedDllNotificationCallback: load 000007fefc900000 LB 0x00091000 C:\Windows\system32\SXS.DLL [fFlags=0x0]
2350428.1a94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sxs.dll
2351428.1a94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc900000 'C:\Windows\system32\SXS.DLL'
2352428.1a94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf50000 'C:\Windows\system32\ADVAPI32.dll'
2353428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
2354428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020b3b1:<flags> [calling]
2355428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfb0000 'C:\Windows\system32\OLEAUT32.dll'
2356428.1748: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2357428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020b761:<flags> [calling]
2358428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2359428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee40000 'C:\Windows\system32\gdi32.dll'
2360428.fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2361428.fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2362428.fb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
2363428.fb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2364428.fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2365428.fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2366428.fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2367428.fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2368428.fb8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004d79fc1:<flags> [calling]
2369428.fb8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2370428.fb8: supR3HardenedDllNotificationCallback: load 000007fef9d30000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
2371428.fb8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2372428.fb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9d30000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
2373428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ab0000 'C:\Windows\system32\user32.dll'
2374428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
2375428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020af51:<flags> [calling]
2376428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd140000 'C:\Windows\system32\shell32.dll'
2377428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf50000 'C:\Windows\system32\ADVAPI32.dll'
2378428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
2379428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209ca1:<flags> [calling]
2380428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe230000 'C:\Windows\system32\ole32.dll'
2381428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
2382428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209621:<flags> [calling]
2383428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe230000 'C:\Windows\system32\ole32.dll'
2384428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msctf.dll
2385428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020a571:<flags> [calling]
2386428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeeb0000 'C:\Windows\system32\MSCTF.dll'
2387428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a94 pwszName=\Device\HarddiskVolume5\Windows\System32\oleacc.dll
2388428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
2389428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
2390428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=983758B257EC045E468EE94302F8817C694D9B03
2391428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2564958~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume5\Windows\System32\oleacc.dll'
2392428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2393428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2394428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2395428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
2396428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
2397428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'rpcrt4.dll'.
2398428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\oleacc.dll) WinVerifyTrust
2399428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\oleacc.dll
2400428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2401428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2402428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2403428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2404428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2405428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2406428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2407428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2408428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll
2409428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2410428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2411428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209801:<flags> [calling]
2412428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleacc.dll
2413428.1748: supR3HardenedDllNotificationCallback: load 000007fefa070000 LB 0x00054000 C:\Windows\system32\oleacc.dll [fFlags=0x0]
2414428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleacc.dll
2415428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa070000 'C:\Windows\system32\oleacc.dll'
2416428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qtguivbox4.dll'.
2417428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
2418428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
2419428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\accessible\qtaccessiblewidgets4.dll) WinVerifyTrust
2420428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\accessible\qtaccessiblewidgets4.dll
2421428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2422428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2423428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
2424428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
2425428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
2426428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
2427428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
2428428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
2429428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\accessible\qtaccessiblewidgets4.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002093e1:<flags> [calling]
2430428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\accessible\qtaccessiblewidgets4.dll
2431428.1748: supR3HardenedDllNotificationCallback: load 000007feed5f0000 LB 0x0003b000 C:\Program Files\Oracle\VirtualBox\accessible\qtaccessiblewidgets4.dll [fFlags=0x0]
2432428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\accessible\qtaccessiblewidgets4.dll
2433428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed5f0000 'C:\Program Files\Oracle\VirtualBox\accessible\qtaccessiblewidgets4.dll'
2434428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
2435428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209841:<flags> [calling]
2436428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfb0000 'C:\Windows\system32\OLEAUT32.DLL'
2437428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleacc.dll
2438428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000208a01:<flags> [calling]
2439428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa070000 'C:\Windows\system32\oleacc.dll'
2440428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ad4 pwszName=\Device\HarddiskVolume5\Windows\System32\oleacchooks.dll
2441428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
2442428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
2443428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E3AE228BD63C80FCCFE834EC781A017A5E893C88
2444428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume5\Windows\System32\oleacchooks.dll'
2445428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2446428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2447428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'user32.dll'.
2448428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\oleacchooks.dll) WinVerifyTrust
2449428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\oleacchooks.dll
2450428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2451428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2452428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2453428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2454428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEACCHOOKS.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002098e1:<flags> [calling]
2455428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleacchooks.dll
2456428.1748: supR3HardenedDllNotificationCallback: load 000007fef9df0000 LB 0x00007000 C:\Windows\system32\OLEACCHOOKS.DLL [fFlags=0x0]
2457428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleacchooks.dll
2458428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9df0000 'C:\Windows\system32\OLEACCHOOKS.DLL'
2459428.1748: supR3HardenedDllNotificationCallback: Unload 000007fef9df0000 LB 0x00007000 C:\Windows\system32\OLEACCHOOKS.DLL [flags=0x0]
2460428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ab0000 'C:\Windows\system32\user32.dll'
2461428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
2462428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020abd1:<flags> [calling]
2463428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd140000 'C:\Windows\system32\shell32.dll'
2464428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
2465428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020abd1:<flags> [calling]
2466428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd140000 'C:\Windows\system32\shell32.dll'
2467428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe230000 'C:\Windows\system32\ole32.dll'
2468428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfb0000 'C:\Windows\system32\OLEAUT32.dll'
2469428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000af8 pwszName=\Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll
2470428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
2471428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
2472428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
2473428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll'
2474428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2475428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2476428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
2477428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2478428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2479428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2480428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
2481428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2482428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll
2483428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2484428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2485428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
2486428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2487428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2488428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2489428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2490428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2491428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2492428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2493428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2494428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b00 pwszName=\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
2495428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
2496428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
2497428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
2498428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll'
2499428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2500428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2501428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
2502428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2503428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2504428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
2505428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll) WinVerifyTrust
2506428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
2507428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2508428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2509428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2510428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2511428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
2512428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2513428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2514428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2515428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2516428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2517428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2518428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2519428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2520428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000206cc1:<flags> [calling]
2521428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll
2522428.1748: supR3HardenedDllNotificationCallback: load 000007fef8320000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2523428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll
2524428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
2525428.1748: supR3HardenedDllNotificationCallback: load 000007fef85a0000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
2526428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
2527428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8320000 'C:\Windows\system32\wbem\wbemprox.dll'
2528428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b30 pwszName=\Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll
2529428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
2530428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
2531428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
2532428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll'
2533428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2534428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2535428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2536428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2537428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll
2538428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2539428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2540428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
2541428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2542428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2543428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000206881:<flags> [calling]
2544428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll
2545428.1748: supR3HardenedDllNotificationCallback: load 000007fef7db0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2546428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll
2547428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7db0000 'C:\Windows\system32\wbem\wbemsvc.dll'
2548428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b3c pwszName=\Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll
2549428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
2550428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
2551428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
2552428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll'
2553428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2554428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2555428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
2556428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2557428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2558428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2559428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
2560428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2561428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll
2562428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
2563428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
2564428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b24 pwszName=\Device\HarddiskVolume5\Windows\System32\ntdsapi.dll
2565428.1748: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
2566428.1748: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
2567428.1748: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
2568428.1748: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume5\Windows\System32\ntdsapi.dll'
2569428.1748: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2570428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2571428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2572428.1748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
2573428.1748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ntdsapi.dll) WinVerifyTrust
2574428.1748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ntdsapi.dll
2575428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2576428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2577428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2578428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2579428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2580428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2581428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2582428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2583428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
2584428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2585428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2586428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2587428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2588428.1748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
2589428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2590428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2591428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2592428.1748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2593428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002068c1:<flags> [calling]
2594428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll
2595428.1748: supR3HardenedDllNotificationCallback: load 000007fef8360000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
2596428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll
2597428.1748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntdsapi.dll
2598428.1748: supR3HardenedDllNotificationCallback: load 000007fef8330000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
2599428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ntdsapi.dll
2600428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8360000 'C:\Windows\system32\wbem\fastprox.dll'
2601428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfb0000 'C:\Windows\system32\OLEAUT32.dll'
2602428.1748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
2603428.1748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000206971:<flags> [calling]
2604428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa960000 'C:\Windows\system32\WINMM.dll'
2605428.1748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfb0000 'C:\Windows\system32\OLEAUT32.DLL'
2606428.1ab4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2607428.1ab4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2608428.1ab4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2609428.1ab4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2610428.1ab4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2611428.1ab4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2612428.1ab4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2613428.1ab4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2614428.1ab4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2615428.1ab4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2616428.1ab4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2617428.1ab4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2618428.1ab4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2619428.1ab4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxREM.dll
2620428.1ab4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2621428.1ab4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2622428.1ab4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2623428.1ab4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2624428.1ab4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2625428.1ab4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2626428.1ab4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2627428.1ab4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2628428.1ab4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2629428.1ab4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006fbe8e1:<flags> [calling]
2630428.1ab4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2631428.1ab4: supR3HardenedDllNotificationCallback: load 000007feeb1f0000 LB 0x00273000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2632428.1ab4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2633428.1ab4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxREM.dll
2634428.1ab4: supR3HardenedDllNotificationCallback: load 0000000056130000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2635428.1ab4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxREM.dll
2636428.1ab4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb1f0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2637428.1580: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c04 pwszName=\Device\HarddiskVolume5\Windows\System32\netcfgx.dll
2638428.1580: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
2639428.1580: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
2640428.1580: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2E2834BA132AEF0C1091DED23D983BBB0CDB980
2641428.1580: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume5\Windows\System32\netcfgx.dll'
2642428.1580: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2643428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
2644428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2645428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
2646428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2647428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2648428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
2649428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'nsi.dll'.
2650428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'iphlpapi.dll'.
2651428.1580: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\netcfgx.dll) WinVerifyTrust
2652428.1580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\netcfgx.dll
2653428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2654428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2655428.1580: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000be8 pwszName=\Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL
2656428.1580: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
2657428.1580: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
2658428.1580: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
2659428.1580: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL'
2660428.1580: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2661428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2662428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2663428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
2664428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
2665428.1580: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2666428.1580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL
2667428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2668428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume5\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2669428.1580: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\nsi.dll
2670428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2671428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2672428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2673428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2674428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2675428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2676428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2677428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2678428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2679428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2680428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2681428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2682428.1580: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shlwapi.dll
2683428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2684428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2685428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2686428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume5\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2687428.1580: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c0c pwszName=\Device\HarddiskVolume5\Windows\System32\winnsi.dll
2688428.1580: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
2689428.1580: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
2690428.1580: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
2691428.1580: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume5\Windows\System32\winnsi.dll'
2692428.1580: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2693428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2694428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2695428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2696428.1580: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winnsi.dll) WinVerifyTrust
2697428.1580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winnsi.dll
2698428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2699428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume5\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2700428.1580: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\nsi.dll
2701428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2702428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2703428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2704428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume5\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2705428.1580: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\nsi.dll
2706428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2707428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2708428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2709428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2710428.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007ae8f21:<flags> [calling]
2711428.1580: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\netcfgx.dll
2712428.1580: supR3HardenedDllNotificationCallback: load 000007fef8150000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [fFlags=0x0]
2713428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\netcfgx.dll
2714428.1580: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL
2715428.1580: supR3HardenedDllNotificationCallback: load 000007fefa3d0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
2716428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL
2717428.1580: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winnsi.dll
2718428.1580: supR3HardenedDllNotificationCallback: load 000007fefa370000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
2719428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winnsi.dll
2720428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8150000 'C:\Windows\system32\netcfgx.dll'
2721428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\setupapi.dll
2722428.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007aea651:<flags> [calling]
2723428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeaa0000 'C:\Windows\system32\SETUPAPI.dll'
2724428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2725428.1580: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\devrtl.dll)
2726428.1580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\devrtl.dll
2727428.1580: supR3HardenedDllNotificationCallback: load 000007fefbcd0000 LB 0x00012000 C:\Windows\system32\devrtl.DLL [fFlags=0x0]
2728428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
2729428.1580: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c1c pwszName=\Device\HarddiskVolume5\Windows\System32\devrtl.dll
2730428.1580: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
2731428.1580: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
2732428.1580: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
2733428.1580: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume5\Windows\System32\devrtl.dll'
2734428.1580: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2735428.1580: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\devrtl.dll'
2736428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll
2737428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2738428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2739428.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007aea3f1:<flags> [calling]
2740428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca70000 'C:\Windows\system32\WINTRUST.dll'
2741428.1064: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2742428.1064: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2743428.1064: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2744428.1064: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2745428.1064: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2746428.1064: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2747428.1064: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2748428.1064: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2749428.1064: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2750428.1064: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2751428.1064: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2752428.1064: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2753428.1064: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2754428.1064: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2755428.1064: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2756428.1064: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000080ed831:<flags> [calling]
2757428.1064: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2758428.1064: supR3HardenedDllNotificationCallback: load 000007fefb7d0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2759428.1064: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2760428.1064: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb7d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2761428.1064: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ab0000 'C:\Windows\system32/User32.dll'
2762428.162c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2763428.162c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2764428.162c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2765428.162c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2766428.162c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2767428.162c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2768428.162c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2769428.162c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2770428.162c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2771428.162c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
2772428.162c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2773428.162c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2774428.162c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000851d841:<flags> [calling]
2775428.162c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2776428.162c: supR3HardenedDllNotificationCallback: load 000007fef9d40000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2777428.162c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2778428.162c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9d40000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2779428.14a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2780428.14a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2781428.14a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2782428.14a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2783428.14a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2784428.14a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2785428.14a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2786428.14a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2787428.14a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2788428.14a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll
2789428.14a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2790428.14a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2791428.14a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000822de21:<flags> [calling]
2792428.14a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2793428.14a8: supR3HardenedDllNotificationCallback: load 000007fef9d20000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2794428.14a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2795428.14a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9d20000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2796428.1994: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2797428.1994: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2798428.1994: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2799428.1994: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2800428.1994: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2801428.1994: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2802428.1994: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2803428.1994: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2804428.1994: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2805428.1994: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2806428.1994: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2807428.1994: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000089cda11:<flags> [calling]
2808428.1994: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2809428.1994: supR3HardenedDllNotificationCallback: load 000007fef9d10000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2810428.1994: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2811428.1994: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9d10000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2812428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
2813428.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007ae8921:<flags> [calling]
2814428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd140000 'C:\Windows\system32/Shell32.dll'
2815428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe230000 'C:\Windows\system32\ole32.dll'
2816428.1580: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000007ae7571:<flags> [calling]
2817428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefc0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
2818428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\profapi.dll
2819428.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007ae75b1:<flags> [calling]
2820428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca50000 'C:\Windows\system32\profapi.dll'
2821428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2822428.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007ae98b1:<flags> [calling]
2823428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb1f0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2824428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2825428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2826428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2827428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2828428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2829428.1580: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
2830428.1580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2831428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2832428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2833428.1580: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
2834428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2835428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2836428.1580: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
2837428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2838428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2839428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2840428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2841428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2842428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2843428.1580: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll
2844428.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007aeaa61:<flags> [calling]
2845428.1580: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2846428.1580: supR3HardenedDllNotificationCallback: load 000007fef9ce0000 LB 0x0002c000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2847428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2848428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ce0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
2849428.1580: supR3HardenedDllNotificationCallback: Unload 000007fef9ce0000 LB 0x0002c000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2850428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2851428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2852428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2853428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2854428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2855428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2856428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2857428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2858428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2859428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2860428.1580: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2861428.1580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll
2862428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2863428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2864428.1580: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL
2865428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2866428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2867428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2868428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2869428.1580: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
2870428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2871428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2872428.1580: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\setupapi.dll
2873428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2874428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2875428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2876428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2877428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2878428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2879428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2880428.1580: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2881428.1580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2882428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2883428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2884428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2885428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2886428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2887428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2888428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2889428.1580: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2890428.1580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2891428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2892428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2893428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2894428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2895428.1580: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2896428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2897428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2898428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2899428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2900428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2901428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2902428.1580: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\setupapi.dll
2903428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2904428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2905428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2906428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2907428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2908428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2909428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2910428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2911428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2912428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2913428.1580: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2914428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2915428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2916428.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007aed561:<flags> [calling]
2917428.1580: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll
2918428.1580: supR3HardenedDllNotificationCallback: load 000007feea930000 LB 0x008bf000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2919428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll
2920428.1580: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2921428.1580: supR3HardenedDllNotificationCallback: load 000007feed170000 LB 0x00057000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2922428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2923428.1580: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2924428.1580: supR3HardenedDllNotificationCallback: load 000007fef9cd0000 LB 0x00034000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2925428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2926428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea930000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
2927428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2928428.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007aed561:<flags> [calling]
2929428.1580: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2930428.1580: supR3HardenedDllNotificationCallback: load 000007fef8950000 LB 0x0002c000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2931428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2932428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8950000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
2933428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
2934428.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007aed561:<flags> [calling]
2935428.1580: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
2936428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebd20000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
2937428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2938428.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007aed471:<flags> [calling]
2939428.1580: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2940428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9cd0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
2941428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2942428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2943428.1580: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
2944428.1580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2945428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2946428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2947428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2948428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2949428.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007aed471:<flags> [calling]
2950428.1580: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2951428.1580: supR3HardenedDllNotificationCallback: load 000007fef8930000 LB 0x0001d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
2952428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2953428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8930000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL'
2954428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2955428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2956428.1580: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
2957428.1580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2958428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2959428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2960428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2961428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2962428.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007aed471:<flags> [calling]
2963428.1580: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2964428.1580: supR3HardenedDllNotificationCallback: load 000007fef9520000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
2965428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2966428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9520000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL'
2967428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2968428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2969428.1580: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
2970428.1580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2971428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2972428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2973428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2974428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2975428.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007aed471:<flags> [calling]
2976428.1580: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2977428.1580: supR3HardenedDllNotificationCallback: load 000007fef7370000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
2978428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2979428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7370000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL'
2980428.b38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2981428.b38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2982428.b38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2983428.b38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2984428.b38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2985428.b38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2986428.b38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2987428.b38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2988428.b38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2989428.b38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2990428.b38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2991428.b38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2992428.b38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a55dba1:<flags> [calling]
2993428.b38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2994428.b38: supR3HardenedDllNotificationCallback: load 000007fef7360000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2995428.b38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2996428.b38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7360000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2997428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2998428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2999428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
3000428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
3001428.1580: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
3002428.1580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
3003428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3004428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3005428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3006428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3007428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3008428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3009428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3010428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3011428.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007aeeaf1:<flags> [calling]
3012428.1580: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
3013428.1580: supR3HardenedDllNotificationCallback: load 000007fef7230000 LB 0x0008a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
3014428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
3015428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7230000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL'
3016428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL
3017428.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007aed811:<flags> [calling]
3018428.1580: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL
3019428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3d0000 'C:\Windows\system32/Iphlpapi.dll'
3020428.1580: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e5c pwszName=\Device\HarddiskVolume5\Windows\System32\dhcpcsvc6.dll
3021428.1580: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
3022428.1580: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
3023428.1580: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A719769A21133C3F89F7BEA09AB706365F35DF8F
3024428.1580: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_26_for_KB2763523~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume5\Windows\System32\dhcpcsvc6.dll'
3025428.1580: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3026428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3027428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
3028428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
3029428.1580: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust
3030428.1580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dhcpcsvc6.dll
3031428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3032428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3033428.1580: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
3034428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3035428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3036428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3037428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3038428.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007aee4b1:<flags> [calling]
3039428.1580: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dhcpcsvc6.dll
3040428.1580: supR3HardenedDllNotificationCallback: load 000007fefa1b0000 LB 0x00011000 C:\Windows\system32\dhcpcsvc6.DLL [fFlags=0x0]
3041428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dhcpcsvc6.dll
3042428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\dhcpcsvc6.DLL'
3043428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL
3044428.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007aee1d1:<flags> [calling]
3045428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3d0000 'C:\Windows\system32\IPHLPAPI.DLL'
3046428.1580: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e80 pwszName=\Device\HarddiskVolume5\Windows\System32\dhcpcsvc.dll
3047428.1580: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008916f0
3048428.1580: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008916f0
3049428.1580: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756
3050428.1580: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume5\Windows\System32\dhcpcsvc.dll'
3051428.1580: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3052428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3053428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
3054428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
3055428.1580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
3056428.1580: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\dhcpcsvc.dll) WinVerifyTrust
3057428.1580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dhcpcsvc.dll
3058428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
3059428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume5\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
3060428.1580: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\nsi.dll
3061428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3062428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3063428.1580: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
3064428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3065428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3066428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3067428.1580: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3068428.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007aee501:<flags> [calling]
3069428.1580: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dhcpcsvc.dll
3070428.1580: supR3HardenedDllNotificationCallback: load 000007fefa050000 LB 0x00018000 C:\Windows\system32\dhcpcsvc.DLL [fFlags=0x0]
3071428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dhcpcsvc.dll
3072428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa050000 'C:\Windows\system32\dhcpcsvc.DLL'
3073428.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL
3074428.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007aee161:<flags> [calling]
3075428.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3d0000 'C:\Windows\system32\IPHLPAPI.DLL'
3076428.1338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfb0000 'C:\Windows\system32\OLEAUT32.dll'
3077428.1580: supR3HardenedDllNotificationCallback: Unload 000007fef7370000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
3078428.1580: supR3HardenedDllNotificationCallback: Unload 000007fef9520000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
3079428.1580: supR3HardenedDllNotificationCallback: Unload 000007fef8930000 LB 0x0001d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
3080428.1580: supR3HardenedDllNotificationCallback: Unload 000007fef8950000 LB 0x0002c000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
3081428.1580: supR3HardenedDllNotificationCallback: Unload 000007feea930000 LB 0x008bf000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
3082428.1580: supR3HardenedDllNotificationCallback: Unload 000007fef9cd0000 LB 0x00034000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
3083428.1580: supR3HardenedDllNotificationCallback: Unload 000007feed170000 LB 0x00057000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
3084428.b38: supR3HardenedDllNotificationCallback: Unload 000007fef7360000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
3085428.1994: supR3HardenedDllNotificationCallback: Unload 000007fef9d10000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
3086428.14a8: supR3HardenedDllNotificationCallback: Unload 000007fef9d20000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
3087428.162c: supR3HardenedDllNotificationCallback: Unload 000007fef9d40000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
3088428.1064: supR3HardenedDllNotificationCallback: Unload 000007fefb7d0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
3089428.fb8: supR3HardenedDllNotificationCallback: Unload 000007fef9d30000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [flags=0x0]
3090428.1748: supR3HardenedDllNotificationCallback: Unload 000007fef8150000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [flags=0x0]
3091428.1748: supR3HardenedDllNotificationCallback: Unload 000007fef8360000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
3092428.1748: supR3HardenedDllNotificationCallback: Unload 000007fef8330000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [flags=0x0]
3093428.1748: supR3HardenedDllNotificationCallback: Unload 000007fef7db0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
3094428.1748: supR3HardenedDllNotificationCallback: Unload 000007fef8320000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
3095428.1748: supR3HardenedDllNotificationCallback: Unload 000007fef85a0000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [flags=0x0]
3096428.1748: supR3HardenedDllNotificationCallback: Unload 000007feebd20000 LB 0x004ff000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
3097428.1748: Terminating the normal way: rcExit=0
30981324.18d8: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2243 ms, the end);
30991168.358: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2841 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy