VirtualBox

Ticket #15744: VBoxHardening.log

File VBoxHardening.log, 210.8 KB (added by Solrac42, 8 years ago)
1f48.5b0: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
2f48.5b0: \SystemRoot\System32\ntdll.dll:
3f48.5b0: CreationTime: 2015-12-02T14:02:30.662842700Z
4f48.5b0: LastWriteTime: 2015-10-20T01:09:05.164170200Z
5f48.5b0: ChangeTime: 2015-12-02T15:48:45.539639700Z
6f48.5b0: FileAttributes: 0x20
7f48.5b0: Size: 0x1a67c0
8f48.5b0: NT Headers: 0xe0
9f48.5b0: Timestamp: 0x56259295
10f48.5b0: Machine: 0x8664 - amd64
11f48.5b0: Timestamp: 0x56259295
12f48.5b0: Image Version: 6.1
13f48.5b0: SizeOfImage: 0x1a9000 (1740800)
14f48.5b0: Resource Dir: 0x14d000 LB 0x5a028
15f48.5b0: ProductName: Microsoft® Windows® Operating System
16f48.5b0: ProductVersion: 6.1.7601.19045
17f48.5b0: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
18f48.5b0: FileDescription: NT Layer DLL
19f48.5b0: \SystemRoot\System32\kernel32.dll:
20f48.5b0: CreationTime: 2015-12-02T14:02:30.132441700Z
21f48.5b0: LastWriteTime: 2015-10-20T01:05:40.819000000Z
22f48.5b0: ChangeTime: 2015-12-02T15:48:45.617639900Z
23f48.5b0: FileAttributes: 0x20
24f48.5b0: Size: 0x11c600
25f48.5b0: NT Headers: 0xe8
26f48.5b0: Timestamp: 0x56259270
27f48.5b0: Machine: 0x8664 - amd64
28f48.5b0: Timestamp: 0x56259270
29f48.5b0: Image Version: 6.1
30f48.5b0: SizeOfImage: 0x120000 (1179648)
31f48.5b0: Resource Dir: 0x117000 LB 0x528
32f48.5b0: ProductName: Microsoft® Windows® Operating System
33f48.5b0: ProductVersion: 6.1.7601.19045
34f48.5b0: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
35f48.5b0: FileDescription: Windows NT BASE API Client DLL
36f48.5b0: \SystemRoot\System32\KernelBase.dll:
37f48.5b0: CreationTime: 2015-12-02T14:02:30.070041600Z
38f48.5b0: LastWriteTime: 2015-10-20T01:05:40.819000000Z
39f48.5b0: ChangeTime: 2015-12-02T15:48:45.617639900Z
40f48.5b0: FileAttributes: 0x20
41f48.5b0: Size: 0x67c00
42f48.5b0: NT Headers: 0xe8
43f48.5b0: Timestamp: 0x56259271
44f48.5b0: Machine: 0x8664 - amd64
45f48.5b0: Timestamp: 0x56259271
46f48.5b0: Image Version: 6.1
47f48.5b0: SizeOfImage: 0x6c000 (442368)
48f48.5b0: Resource Dir: 0x6a000 LB 0x530
49f48.5b0: ProductName: Microsoft® Windows® Operating System
50f48.5b0: ProductVersion: 6.1.7601.19045
51f48.5b0: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
52f48.5b0: FileDescription: Windows NT BASE API Client DLL
53f48.5b0: \SystemRoot\System32\apisetschema.dll:
54f48.5b0: CreationTime: 2015-12-02T14:02:29.524040700Z
55f48.5b0: LastWriteTime: 2015-10-20T00:53:47.280000000Z
56f48.5b0: ChangeTime: 2015-12-02T15:48:45.539639700Z
57f48.5b0: FileAttributes: 0x20
58f48.5b0: Size: 0x1a00
59f48.5b0: NT Headers: 0xc0
60f48.5b0: Timestamp: 0x562590e2
61f48.5b0: Machine: 0x8664 - amd64
62f48.5b0: Timestamp: 0x562590e2
63f48.5b0: Image Version: 6.1
64f48.5b0: SizeOfImage: 0x50000 (327680)
65f48.5b0: Resource Dir: 0x30000 LB 0x3f8
66f48.5b0: ProductName: Microsoft® Windows® Operating System
67f48.5b0: ProductVersion: 6.1.7601.19045
68f48.5b0: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
69f48.5b0: FileDescription: ApiSet Schema DLL
70f48.5b0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
71f48.5b0: supR3HardenedWinFindAdversaries: 0x0
72f48.5b0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
73f48.5b0: Calling main()
74f48.5b0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
75f48.5b0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
76f48.5b0: SUPR3HardenedMain: Respawn #1
77f48.5b0: System32: \Device\HarddiskVolume3\Windows\System32
78f48.5b0: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
79f48.5b0: KnownDllPath: C:\Windows\system32
80f48.5b0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
81f48.5b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
82f48.5b0: supR3HardNtEnableThreadCreation:
83f48.5b0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000777bb630 pvNtTerminateThread=00000000777ddee0
84f48.5b0: supR3HardenedWinDoReSpawn(1): New child e34.5d8 [kernel32].
85f48.5b0: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd5000 cbPeb=0x380
86f48.5b0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077790000 uNtDllChildAddr=0000000077790000
87f48.5b0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000777bb630
88f48.5b0: supR3HardenedWinSetupChildInit: Start child.
89f48.5b0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
90f48.5b0: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 21 sleeps
91f48.5b0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
92f48.5b0: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
93f48.5b0: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
94f48.5b0: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
95f48.5b0: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
96f48.5b0: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
97f48.5b0: 0000000000041000-0000000000011fff 0x0001/0x0000 0x0000000
98f48.5b0: *0000000000070000-fffffffffff73fff 0x0000/0x0004 0x0020000
99f48.5b0: 000000000016c000-0000000000169fff 0x0104/0x0004 0x0020000
100f48.5b0: 000000000016e000-000000000016bfff 0x0004/0x0004 0x0020000
101f48.5b0: 0000000000170000-ffffffff88b4ffff 0x0001/0x0000 0x0000000
102f48.5b0: *0000000077790000-0000000077790fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
103f48.5b0: 0000000077791000-000000007788efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
104f48.5b0: 000000007788f000-00000000778bdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
105f48.5b0: 00000000778be000-00000000778c5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
106f48.5b0: 00000000778c6000-00000000778c6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
107f48.5b0: 00000000778c7000-00000000778c9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
108f48.5b0: 00000000778ca000-0000000077938fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
109f48.5b0: 0000000077939000-0000000070291fff 0x0001/0x0000 0x0000000
110f48.5b0: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
111f48.5b0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
112f48.5b0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
113f48.5b0: 000000007fff0000-ffffffffc034ffff 0x0001/0x0000 0x0000000
114f48.5b0: *000000013fc90000-000000013fc90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
115f48.5b0: 000000013fc91000-000000013fcfffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
116f48.5b0: 000000013fd00000-000000013fd00fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
117f48.5b0: 000000013fd01000-000000013fd44fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
118f48.5b0: 000000013fd45000-000000013fd45fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
119f48.5b0: 000000013fd46000-000000013fd46fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
120f48.5b0: 000000013fd47000-000000013fd4bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
121f48.5b0: 000000013fd4c000-000000013fd4cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
122f48.5b0: 000000013fd4d000-000000013fd4dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
123f48.5b0: 000000013fd4e000-000000013fd51fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
124f48.5b0: 000000013fd52000-000000013fd99fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
125f48.5b0: 000000013fd9a000-fffff80380083fff 0x0001/0x0000 0x0000000
126f48.5b0: *000007feffab0000-000007feffab0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
127f48.5b0: 000007feffab1000-000007fdff5b1fff 0x0001/0x0000 0x0000000
128f48.5b0: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
129f48.5b0: 000007fffffd3000-000007fffffd0fff 0x0001/0x0000 0x0000000
130f48.5b0: *000007fffffd5000-000007fffffd3fff 0x0004/0x0004 0x0020000
131f48.5b0: 000007fffffd6000-000007fffffcdfff 0x0001/0x0000 0x0000000
132f48.5b0: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
133f48.5b0: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
134f48.5b0: apisetschema.dll: timestamp 0x562590e2 (rc=VINF_SUCCESS)
135f48.5b0: VirtualBox.exe: timestamp 0x5790f053 (rc=VINF_SUCCESS)
136f48.5b0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
137f48.5b0: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports
138f48.5b0: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
139f48.5b0: supR3HardNtChildPurify: Done after 278 ms and 0 fixes (loop #0).
140e34.5d8: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
141e34.5d8: supR3HardenedVmProcessInit: uNtDllAddr=0000000077790000 g_uNtVerCombined=0x611db100
142e34.5d8: ntdll.dll: timestamp 0x56259295 (rc=VINF_SUCCESS)
143e34.5d8: New simple heap: #1 0000000000270000 LB 0x400000 (for 1740800 allocation)
144f48.5b0: supR3HardNtEnableThreadCreation:
145e34.5d8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
146e34.5d8: System32: \Device\HarddiskVolume3\Windows\System32
147e34.5d8: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
148e34.5d8: KnownDllPath: C:\Windows\system32
149e34.5d8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
150e34.5d8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
151e34.5d8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
152e34.5d8: Registered Dll notification callback with NTDLL.
153e34.5d8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
154e34.5d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
155e34.5d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
156e34.5d8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
157e34.5d8: supR3HardenedDllNotificationCallback: load 0000000077570000 LB 0x00120000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
158e34.5d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
159e34.5d8: supR3HardenedDllNotificationCallback: load 000007fefd700000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
160e34.5d8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
161e34.5d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
162e34.5d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077570000 'C:\Windows\system32\kernel32.dll'
163e34.5d8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000777bb630 pvNtTerminateThread=00000000777ddee0
164f48.5b0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 18 ms.
165e34.5d8: \SystemRoot\System32\ntdll.dll:
166e34.5d8: CreationTime: 2015-12-02T14:02:30.662842700Z
167e34.5d8: LastWriteTime: 2015-10-20T01:09:05.164170200Z
168e34.5d8: ChangeTime: 2015-12-02T15:48:45.539639700Z
169e34.5d8: FileAttributes: 0x20
170e34.5d8: Size: 0x1a67c0
171e34.5d8: NT Headers: 0xe0
172e34.5d8: Timestamp: 0x56259295
173e34.5d8: Machine: 0x8664 - amd64
174e34.5d8: Timestamp: 0x56259295
175e34.5d8: Image Version: 6.1
176e34.5d8: SizeOfImage: 0x1a9000 (1740800)
177e34.5d8: Resource Dir: 0x14d000 LB 0x5a028
178e34.5d8: ProductName: Microsoft® Windows® Operating System
179e34.5d8: ProductVersion: 6.1.7601.19045
180e34.5d8: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
181e34.5d8: FileDescription: NT Layer DLL
182e34.5d8: \SystemRoot\System32\kernel32.dll:
183e34.5d8: CreationTime: 2015-12-02T14:02:30.132441700Z
184e34.5d8: LastWriteTime: 2015-10-20T01:05:40.819000000Z
185e34.5d8: ChangeTime: 2015-12-02T15:48:45.617639900Z
186e34.5d8: FileAttributes: 0x20
187e34.5d8: Size: 0x11c600
188e34.5d8: NT Headers: 0xe8
189e34.5d8: Timestamp: 0x56259270
190e34.5d8: Machine: 0x8664 - amd64
191e34.5d8: Timestamp: 0x56259270
192e34.5d8: Image Version: 6.1
193e34.5d8: SizeOfImage: 0x120000 (1179648)
194e34.5d8: Resource Dir: 0x117000 LB 0x528
195e34.5d8: ProductName: Microsoft® Windows® Operating System
196e34.5d8: ProductVersion: 6.1.7601.19045
197e34.5d8: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
198e34.5d8: FileDescription: Windows NT BASE API Client DLL
199e34.5d8: \SystemRoot\System32\KernelBase.dll:
200e34.5d8: CreationTime: 2015-12-02T14:02:30.070041600Z
201e34.5d8: LastWriteTime: 2015-10-20T01:05:40.819000000Z
202e34.5d8: ChangeTime: 2015-12-02T15:48:45.617639900Z
203e34.5d8: FileAttributes: 0x20
204e34.5d8: Size: 0x67c00
205e34.5d8: NT Headers: 0xe8
206e34.5d8: Timestamp: 0x56259271
207e34.5d8: Machine: 0x8664 - amd64
208e34.5d8: Timestamp: 0x56259271
209e34.5d8: Image Version: 6.1
210e34.5d8: SizeOfImage: 0x6c000 (442368)
211e34.5d8: Resource Dir: 0x6a000 LB 0x530
212e34.5d8: ProductName: Microsoft® Windows® Operating System
213e34.5d8: ProductVersion: 6.1.7601.19045
214e34.5d8: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
215e34.5d8: FileDescription: Windows NT BASE API Client DLL
216e34.5d8: \SystemRoot\System32\apisetschema.dll:
217e34.5d8: CreationTime: 2015-12-02T14:02:29.524040700Z
218e34.5d8: LastWriteTime: 2015-10-20T00:53:47.280000000Z
219e34.5d8: ChangeTime: 2015-12-02T15:48:45.539639700Z
220e34.5d8: FileAttributes: 0x20
221e34.5d8: Size: 0x1a00
222e34.5d8: NT Headers: 0xc0
223e34.5d8: Timestamp: 0x562590e2
224e34.5d8: Machine: 0x8664 - amd64
225e34.5d8: Timestamp: 0x562590e2
226e34.5d8: Image Version: 6.1
227e34.5d8: SizeOfImage: 0x50000 (327680)
228e34.5d8: Resource Dir: 0x30000 LB 0x3f8
229e34.5d8: ProductName: Microsoft® Windows® Operating System
230e34.5d8: ProductVersion: 6.1.7601.19045
231e34.5d8: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
232e34.5d8: FileDescription: ApiSet Schema DLL
233e34.5d8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
234e34.5d8: supR3HardenedWinFindAdversaries: 0x0
235e34.5d8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
236e34.5d8: Calling main()
237e34.5d8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
238e34.5d8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
239e34.5d8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
240e34.5d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
241e34.5d8: SUPR3HardenedMain: Respawn #2
242e34.5d8: supR3HardNtEnableThreadCreation:
243e34.5d8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll)
244e34.5d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll
245e34.5d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
246e34.5d8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
247e34.5d8: supR3HardenedDllNotificationCallback: load 000007fefd380000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
248e34.5d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
249e34.5d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd380000 'C:\Windows\system32\apphelp.dll'
250e34.5d8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000777bb630 pvNtTerminateThread=00000000777ddee0
251e34.5d8: supR3HardenedWinDoReSpawn(2): New child d44.bc4 [kernel32].
252e34.5d8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd3000 cbPeb=0x380
253e34.5d8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077790000 uNtDllChildAddr=0000000077790000
254e34.5d8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000777bb630
255e34.5d8: supR3HardenedWinSetupChildInit: Start child.
256e34.5d8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
257e34.5d8: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
258e34.5d8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
259e34.5d8: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
260e34.5d8: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
261e34.5d8: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
262e34.5d8: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
263e34.5d8: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
264e34.5d8: 0000000000041000-fffffffffffb1fff 0x0001/0x0000 0x0000000
265e34.5d8: *00000000000d0000-fffffffffffd3fff 0x0000/0x0004 0x0020000
266e34.5d8: 00000000001cc000-00000000001c9fff 0x0104/0x0004 0x0020000
267e34.5d8: 00000000001ce000-00000000001cbfff 0x0004/0x0004 0x0020000
268e34.5d8: 00000000001d0000-ffffffff88c0ffff 0x0001/0x0000 0x0000000
269e34.5d8: *0000000077790000-0000000077790fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
270e34.5d8: 0000000077791000-000000007788efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
271e34.5d8: 000000007788f000-00000000778bdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
272e34.5d8: 00000000778be000-00000000778c5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
273e34.5d8: 00000000778c6000-00000000778c6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
274e34.5d8: 00000000778c7000-00000000778c9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
275e34.5d8: 00000000778ca000-0000000077938fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
276e34.5d8: 0000000077939000-0000000070291fff 0x0001/0x0000 0x0000000
277e34.5d8: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
278e34.5d8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
279e34.5d8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
280e34.5d8: 000000007fff0000-ffffffffc034ffff 0x0001/0x0000 0x0000000
281e34.5d8: *000000013fc90000-000000013fc90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
282e34.5d8: 000000013fc91000-000000013fcfffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
283e34.5d8: 000000013fd00000-000000013fd00fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
284e34.5d8: 000000013fd01000-000000013fd44fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
285e34.5d8: 000000013fd45000-000000013fd45fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
286e34.5d8: 000000013fd46000-000000013fd46fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
287e34.5d8: 000000013fd47000-000000013fd4bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
288e34.5d8: 000000013fd4c000-000000013fd4cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
289e34.5d8: 000000013fd4d000-000000013fd4dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
290e34.5d8: 000000013fd4e000-000000013fd51fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
291e34.5d8: 000000013fd52000-000000013fd99fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
292e34.5d8: 000000013fd9a000-fffff80380083fff 0x0001/0x0000 0x0000000
293e34.5d8: *000007feffab0000-000007feffab0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
294e34.5d8: 000007feffab1000-000007fdff5b1fff 0x0001/0x0000 0x0000000
295e34.5d8: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
296e34.5d8: *000007fffffd3000-000007fffffd1fff 0x0004/0x0004 0x0020000
297e34.5d8: 000007fffffd4000-000007fffffc9fff 0x0001/0x0000 0x0000000
298e34.5d8: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
299e34.5d8: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
300e34.5d8: apisetschema.dll: timestamp 0x562590e2 (rc=VINF_SUCCESS)
301e34.5d8: VirtualBox.exe: timestamp 0x5790f053 (rc=VINF_SUCCESS)
302e34.5d8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
303e34.5d8: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports
304e34.5d8: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
305e34.5d8: supR3HardNtChildPurify: Done after 281 ms and 0 fixes (loop #0).
306d44.bc4: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
307d44.bc4: supR3HardenedVmProcessInit: uNtDllAddr=0000000077790000 g_uNtVerCombined=0x611db100
308d44.bc4: ntdll.dll: timestamp 0x56259295 (rc=VINF_SUCCESS)
309d44.bc4: New simple heap: #1 00000000002d0000 LB 0x400000 (for 1740800 allocation)
310e34.5d8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000270000 LB 0x400000)
311e34.5d8: supR3HardNtEnableThreadCreation:
312d44.bc4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
313d44.bc4: System32: \Device\HarddiskVolume3\Windows\System32
314d44.bc4: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
315d44.bc4: KnownDllPath: C:\Windows\system32
316d44.bc4: supR3HardenedVmProcessInit: Opening vboxdrv...
317d44.bc4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
318d44.bc4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
319d44.bc4: Registered Dll notification callback with NTDLL.
320d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
321d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
322d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
323d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
324d44.bc4: supR3HardenedDllNotificationCallback: load 0000000077570000 LB 0x00120000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
325d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
326d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefd700000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
327d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
328d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
329d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077570000 'C:\Windows\system32\kernel32.dll'
330d44.bc4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000777bb630 pvNtTerminateThread=00000000777ddee0
331e34.5d8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 22 ms.
332d44.bc4: \SystemRoot\System32\ntdll.dll:
333d44.bc4: CreationTime: 2015-12-02T14:02:30.662842700Z
334d44.bc4: LastWriteTime: 2015-10-20T01:09:05.164170200Z
335d44.bc4: ChangeTime: 2015-12-02T15:48:45.539639700Z
336d44.bc4: FileAttributes: 0x20
337d44.bc4: Size: 0x1a67c0
338d44.bc4: NT Headers: 0xe0
339d44.bc4: Timestamp: 0x56259295
340d44.bc4: Machine: 0x8664 - amd64
341d44.bc4: Timestamp: 0x56259295
342d44.bc4: Image Version: 6.1
343d44.bc4: SizeOfImage: 0x1a9000 (1740800)
344d44.bc4: Resource Dir: 0x14d000 LB 0x5a028
345d44.bc4: ProductName: Microsoft® Windows® Operating System
346d44.bc4: ProductVersion: 6.1.7601.19045
347d44.bc4: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
348d44.bc4: FileDescription: NT Layer DLL
349d44.bc4: \SystemRoot\System32\kernel32.dll:
350d44.bc4: CreationTime: 2015-12-02T14:02:30.132441700Z
351d44.bc4: LastWriteTime: 2015-10-20T01:05:40.819000000Z
352d44.bc4: ChangeTime: 2015-12-02T15:48:45.617639900Z
353d44.bc4: FileAttributes: 0x20
354d44.bc4: Size: 0x11c600
355d44.bc4: NT Headers: 0xe8
356d44.bc4: Timestamp: 0x56259270
357d44.bc4: Machine: 0x8664 - amd64
358d44.bc4: Timestamp: 0x56259270
359d44.bc4: Image Version: 6.1
360d44.bc4: SizeOfImage: 0x120000 (1179648)
361d44.bc4: Resource Dir: 0x117000 LB 0x528
362d44.bc4: ProductName: Microsoft® Windows® Operating System
363d44.bc4: ProductVersion: 6.1.7601.19045
364d44.bc4: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
365d44.bc4: FileDescription: Windows NT BASE API Client DLL
366d44.bc4: \SystemRoot\System32\KernelBase.dll:
367d44.bc4: CreationTime: 2015-12-02T14:02:30.070041600Z
368d44.bc4: LastWriteTime: 2015-10-20T01:05:40.819000000Z
369d44.bc4: ChangeTime: 2015-12-02T15:48:45.617639900Z
370d44.bc4: FileAttributes: 0x20
371d44.bc4: Size: 0x67c00
372d44.bc4: NT Headers: 0xe8
373d44.bc4: Timestamp: 0x56259271
374d44.bc4: Machine: 0x8664 - amd64
375d44.bc4: Timestamp: 0x56259271
376d44.bc4: Image Version: 6.1
377d44.bc4: SizeOfImage: 0x6c000 (442368)
378d44.bc4: Resource Dir: 0x6a000 LB 0x530
379d44.bc4: ProductName: Microsoft® Windows® Operating System
380d44.bc4: ProductVersion: 6.1.7601.19045
381d44.bc4: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
382d44.bc4: FileDescription: Windows NT BASE API Client DLL
383d44.bc4: \SystemRoot\System32\apisetschema.dll:
384d44.bc4: CreationTime: 2015-12-02T14:02:29.524040700Z
385d44.bc4: LastWriteTime: 2015-10-20T00:53:47.280000000Z
386d44.bc4: ChangeTime: 2015-12-02T15:48:45.539639700Z
387d44.bc4: FileAttributes: 0x20
388d44.bc4: Size: 0x1a00
389d44.bc4: NT Headers: 0xc0
390d44.bc4: Timestamp: 0x562590e2
391d44.bc4: Machine: 0x8664 - amd64
392d44.bc4: Timestamp: 0x562590e2
393d44.bc4: Image Version: 6.1
394d44.bc4: SizeOfImage: 0x50000 (327680)
395d44.bc4: Resource Dir: 0x30000 LB 0x3f8
396d44.bc4: ProductName: Microsoft® Windows® Operating System
397d44.bc4: ProductVersion: 6.1.7601.19045
398d44.bc4: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
399d44.bc4: FileDescription: ApiSet Schema DLL
400d44.bc4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
401d44.bc4: supR3HardenedWinFindAdversaries: 0x0
402d44.bc4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
403d44.bc4: Calling main()
404d44.bc4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
405d44.bc4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
406d44.bc4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
407d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
408d44.bc4: SUPR3HardenedMain: Final process, opening VBoxDrv...
409d44.bc4: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002d0000 LB 0x400000)
410d44.bc4: supR3HardNtEnableThreadCreation:
411d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
412d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
413d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000803c60:C:\Windows\system32 [calling]
414d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
415d44.bc4: supR3HardenedDllNotificationCallback: load 000007feeba60000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
416d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
417d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
418d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
419d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeba60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
420d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
421d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
422d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeba60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
423d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeba60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
424d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
425d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
426d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
427d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
428d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
429d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
430d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
431d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
432d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
433d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
434d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
435d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
436d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
437d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
438d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
439d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
440d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
441d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
442d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
443d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
444d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
445d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
446d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
447d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
448d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
449d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
450d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
451d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
452d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
453d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
454d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000803c60:C:\Windows\system32 [calling]
455d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
456d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefd800000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
457d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
458d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefe9a0000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
459d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
460d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefd570000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
461d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
462d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefd540000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
463d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
464d44.bc4: supR3HardenedDllNotificationCallback: load 000007feff790000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
465d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
466d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd800000 'C:\Windows\system32\Wintrust.dll'
467d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
468d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
469d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000830e80:C:\Windows\system32 [calling]
470d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
471d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefced0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
472d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
473d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefced0000 'C:\Windows\system32\bcrypt.dll'
474d44.bc4: bcrypt.dll loaded at 000007fefced0000, BCryptOpenAlgorithmProvider at 000007fefced2640, preloading providers:
475d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
476d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
477d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
478d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
479d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
480d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
481d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
482d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
483d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
484d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
485d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
486d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
487d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
488d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
489d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
490d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
491d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
492d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
493d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
494d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
495d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
496d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefc980000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
497d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
498d44.bc4: supR3HardenedDllNotificationCallback: load 000007feff630000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
499d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
500d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
501d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
502d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
503d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
504d44.bc4: supR3HardenedDllNotificationCallback: load 000007feff610000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
505d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
506d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc980000 'C:\Windows\system32\bcryptprimitives.dll'
507d44.bc4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000008324e0)
508d44.bc4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000008343a0)
509d44.bc4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000008344c0)
510d44.bc4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000008346d0)
511d44.bc4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000008347f0)
512d44.bc4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000834910)
513d44.bc4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000834b50)
514d44.bc4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000834c70)
515d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
516d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
517d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
518d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
519d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
520d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
521d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
522d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
523d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
524d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
525d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefcd40000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
526d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
527d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd40000 'C:\Windows\system32\CRYPTSP.dll'
528d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
529d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
530d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
531d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
532d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
533d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
534d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
535d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
536d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefca40000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
537d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
538d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca40000 'C:\Windows\system32\rsaenh.dll'
539d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
540d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
541d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff630000 'C:\Windows\system32\ADVAPI32.dll'
542d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
543d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
544d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
545d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
546d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefd3e0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
547d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
548d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3e0000 'C:\Windows\system32\CRYPTBASE.dll'
549d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
550d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
551d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077570000 'C:\Windows\system32\kernel32.dll'
552d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
553d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
554d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd800000 'C:\Windows\system32\WINTRUST.DLL'
555d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
556d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
557d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\Windows\system32\CRYPT32.dll'
558d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
559d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
560d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
561d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
562d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
563d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
564d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
565d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
566d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
567d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
568d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
569d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
570d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefe8d0000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
571d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
572d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8d0000 'C:\Windows\system32\imagehlp.dll'
573d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
574d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
575d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd40000 'C:\Windows\system32\CRYPTSP.dll'
576d44.bc4: \Device\HarddiskVolume3\Windows\System32\user32.dll: Owner is administrators group.
577d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
578d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
579d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
580d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
581d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
582d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
583d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
584d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
585d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
586d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
587d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume3\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
588d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
589d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
590d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
591d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\lpk.dll)
592d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\lpk.dll
593d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
594d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
595d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
596d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
597d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume3\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
598d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
599d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
600d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
601d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\usp10.dll)
602d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\usp10.dll
603d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
604d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
605d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
606d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
607d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
608d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
609d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
610d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
611d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
612d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
613d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
614d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
615d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
616d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
617d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
618d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
619d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
620d44.bc4: supR3HardenedDllNotificationCallback: load 0000000077690000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
621d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
622d44.bc4: supR3HardenedDllNotificationCallback: load 000007feff000000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
623d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
624d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefe840000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
625d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\lpk.dll [lacks WinVerifyTrust]
626d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefea40000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
627d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\usp10.dll [lacks WinVerifyTrust]
628d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
629d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
630d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff000000 'C:\Windows\system32\gdi32.dll'
631d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
632d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
633d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
634d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
635d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
636d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
637d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume3\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
638d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
639d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
640d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
641d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
642d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
643d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
644d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
645d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
646d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
647d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
648d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
649d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
650d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
651d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
652d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
653d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
654d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
655d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
656d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
657d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
658d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
659d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
660d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
661d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
662d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
663d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
664d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefeb10000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
665d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
666d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefd900000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
667d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msctf.dll [lacks WinVerifyTrust]
668d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb10000 'C:\Windows\system32\IMM32.DLL'
669d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077690000 'C:\Windows\system32\USER32.dll'
670d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
671d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
672d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
673d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ncrypt.dll)
674d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ncrypt.dll
675d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
676d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
677d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
678d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
679d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
680d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
681d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
682d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
683d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
684d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
685d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
686d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefcf00000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
687d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
688d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf00000 'C:\Windows\system32\ncrypt.dll'
689d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
690d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
691d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefced0000 'C:\Windows\system32\bcrypt.dll'
692d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
693d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
694d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
695d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\userenv.dll)
696d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
697d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
698d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
699d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
700d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
701d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
702d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
703d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
704d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
705d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
706d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
707d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
708d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
709d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
710d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
711d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
712d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [lacks WinVerifyTrust]
713d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefd780000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
714d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [lacks WinVerifyTrust]
715d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefd550000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
716d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
717d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd780000 'C:\Windows\system32\USERENV.dll'
718d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
719d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff610000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
720d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
721d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff610000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
722d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
723d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
724d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
725d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
726d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
727d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
728d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
729d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
730d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
731d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
732d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
733d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
734d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefc7f0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
735d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
736d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc7f0000 'C:\Windows\system32\GPAPI.dll'
737d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
738d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff610000 'API-MS-WIN-Service-Management-L1-1-0.dll'
739d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
740d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
741d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff790000 'C:\Windows\system32\rpcrt4.dll'
742d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
743d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff610000 'API-MS-WIN-Service-Management-L2-1-0.dll'
744d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
745d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff610000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
746d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
747d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
748d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
749d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
750d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
751d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
752d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
753d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
754d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
755d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\Wldap32.dll)
756d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Wldap32.dll
757d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
758d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
759d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
760d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
761d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
762d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
763d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
764d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
765d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
766d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
767d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
768d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
769d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
770d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
771d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefa6f0000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
772d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
773d44.bc4: supR3HardenedDllNotificationCallback: load 000007feff5b0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
774d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
775d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
776d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
777d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa6f0000 'C:\Windows\system32\cryptnet.dll'
778d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
779d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
780d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa6f0000 'C:\Windows\system32\cryptnet.dll'
781d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
782d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
783d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa6f0000 'C:\Windows\system32\cryptnet.dll'
784d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
785d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
786d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa6f0000 'C:\Windows\system32\cryptnet.dll'
787d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
788d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
789d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa6f0000 'C:\Windows\system32\cryptnet.dll'
790d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
791d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
792d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa6f0000 'C:\Windows\system32\cryptnet.dll'
793d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
794d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa6f0000 'C:\Windows\system32\cryptnet.dll'
795d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
796d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa6f0000 'C:\Windows\system32\cryptnet.dll'
797d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
798d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa6f0000 'C:\Windows\system32\cryptnet.dll'
799d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
800d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa6f0000 'C:\Windows\system32\cryptnet.dll'
801d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
802d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa6f0000 'C:\Windows\system32\cryptnet.dll'
803d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa6f0000 'C:\Windows\system32\cryptnet.dll'
804d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
805d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa6f0000 'C:\Windows\system32\cryptnet.dll'
806d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
807d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff610000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
808d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
809d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
810d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd550000 'C:\Windows\system32\profapi.dll'
811d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
812d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
813d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
814d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
815d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
816d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
817d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
818d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
819d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
820d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
821d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
822d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
823d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
824d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
825d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
826d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
827d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefe850000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
828d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
829d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe850000 'C:\Windows\system32\SHLWAPI.dll'
830d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
831d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000008a63f0
832d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008a63f0
833d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9B1D637739FC6B271ED989F7454A98D5A76C1B7A
834d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
835d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff610000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
836d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
837d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff610000 'API-MS-WIN-Service-Management-L1-1-0.dll'
838d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
839d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff610000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
840d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
841d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
842d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff630000 'C:\Windows\system32\ADVAPI32.dll'
843d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
844d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff610000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
845d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
846d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff610000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
847d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
848d44.bc4: g_pfnWinVerifyTrust=000007fefd801010
849d44.bc4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
850d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume3\Windows\System32\crypt32.dll
851d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008a63f0
852d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008a63f0
853d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFD41401EDEBD4D914977D62B588ECABEE60CFD3
854d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
855d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
856d44.bc4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
857d44.bc4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
858d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume3\Windows\System32\wintrust.dll
859d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008a63f0
860d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008a63f0
861d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1BBE4EB6D114F50142F24E2E2749EFD81021486
862d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
863d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
864d44.bc4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
865d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000374 pwszName=\Device\HarddiskVolume3\Windows\System32\shlwapi.dll
866d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008a63f0
867d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008a63f0
868d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
869d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
870d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
871d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
872d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000368 pwszName=\Device\HarddiskVolume3\Windows\System32\Wldap32.dll
873d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008a63f0
874d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008a63f0
875d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
876d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\Wldap32.dll'
877d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
878d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\Wldap32.dll'
879d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000364 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
880d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008a63f0
881d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008a63f0
882d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=756DC088EE40CF9369C990D71B200F3CB59FC35D
883d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
884d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
885d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
886d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000250 pwszName=\Device\HarddiskVolume3\Windows\System32\gpapi.dll
887d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008a63f0
888d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008a63f0
889d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
890d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
891d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
892d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
893d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001bc pwszName=\Device\HarddiskVolume3\Windows\System32\profapi.dll
894d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008a63f0
895d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008a63f0
896d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
897d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\profapi.dll'
898d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
899d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
900d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b8 pwszName=\Device\HarddiskVolume3\Windows\System32\userenv.dll
901d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008a63f0
902d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008a63f0
903d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
904d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\userenv.dll'
905d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
906d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll'
907d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume3\Windows\System32\ncrypt.dll
908d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008a63f0
909d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008a63f0
910d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DE8C9B0409BB6DC8348383C722B4EC4291BB2193
911d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\ncrypt.dll'
912d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
913d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ncrypt.dll'
914d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume3\Windows\System32\msctf.dll
915d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008a63f0
916d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008a63f0
917d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
918d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\msctf.dll'
919d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
920d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
921d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume3\Windows\System32\imm32.dll
922d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008a63f0
923d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008a63f0
924d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
925d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\imm32.dll'
926d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
927d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
928d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume3\Windows\System32\usp10.dll
929d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008a63f0
930d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008a63f0
931d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
932d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume3\Windows\System32\usp10.dll'
933d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
934d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\usp10.dll'
935d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume3\Windows\System32\lpk.dll
936d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008a63f0
937d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008a63f0
938d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FDBA63132AE4F561C5CFC5478222E40A2DAA2ACC
939d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume3\Windows\System32\lpk.dll'
940d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
941d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\lpk.dll'
942d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume3\Windows\System32\gdi32.dll
943d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008a63f0
944d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008a63f0
945d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB178841F5FFC6B05E668168217B0AC222A62955
946d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3069392~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
947d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
948d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
949d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume3\Windows\System32\user32.dll
950d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008a63f0
951d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008a63f0
952d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB05A6DD4AF9AC247D37C4B7BAFCCBD178A41E64
953d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
954d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000084da70
955d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
956d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB05A6DD4AF9AC247D37C4B7BAFCCBD178A41E64
957d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
958d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000084db30
959d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084db30
960d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=7458187B83265348D287AC7AB34C0A5AD0EFDAA5040E43F37D2AC3DBEB747E20
961d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
962d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
963d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
964d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000174 pwszName=\Device\HarddiskVolume3\Windows\System32\imagehlp.dll
965d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
966d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
967d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
968d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
969d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
970d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
971d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptbase.dll
972d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
973d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
974d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DD41E47CDA7ECDD58265F0739B9BC23E0761082B
975d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
976d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
977d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
978d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
979d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume3\Windows\System32\cryptsp.dll
980d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
981d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
982d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
983d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
984d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
985d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
986d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume3\Windows\System32\sechost.dll
987d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
988d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
989d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
990d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\sechost.dll'
991d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
992d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
993d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume3\Windows\System32\advapi32.dll
994d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
995d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
996d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D58A667BECF67ECC76D4BEEDB96E9F1960013145
997d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3080149~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
998d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
999d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
1000d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
1001d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume3\Windows\System32\bcrypt.dll
1002d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1003d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1004d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1005d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
1006d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1007d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
1008d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1009d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1010d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1011d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1012d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
1013d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1014d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
1015d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume3\Windows\System32\msasn1.dll
1016d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1017d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1018d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1019d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
1020d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1021d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
1022d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1023d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1024d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1025d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=35EB15A32FF6A8320A28B76654C7C05F183C0649
1026d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
1027d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1028d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
1029d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1030d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1031d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1032d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1033d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D187E2BFBA7ED9D015FB710000144445CAD8B2DE
1034d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
1035d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1036d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
1037d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume3\Windows\System32\kernel32.dll
1038d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1039d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1040d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3ABD4E7598BD11C4FA1AD66BF1B854BCC2A7C5DD
1041d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
1042d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1043d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
1044d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1045d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b60190:C:\Windows\system32 [calling]
1046d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\Windows\system32\crypt32.dll'
1047d44.bc4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1048d44.bc4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1049d44.bc4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1050d44.bc4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1051d44.bc4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1052d44.bc4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1053d44.bc4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1054d44.bc4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1055d44.bc4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1056d44.bc4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1057d44.bc4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1058d44.bc4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1059d44.bc4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1060d44.bc4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1061d44.bc4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1062d44.bc4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1063d44.bc4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1064d44.bc4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1065d44.bc4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=18
1066d44.bc4: SUPR3HardenedMain: Load Runtime...
1067d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1068d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1069d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1070d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1071d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1072d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1073d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1074d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1075d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1076d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1077d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1078d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003c8 pwszName=\Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1079d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1080d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1081d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1082d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\ws2_32.dll'
1083d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1084d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1085d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1086d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1087d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
1088d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1089d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1090d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1091d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1092d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1093d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1094d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1095d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1096d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1097d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1098d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1099d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1100d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1101d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1102d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1103d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003dc pwszName=\Device\HarddiskVolume3\Windows\System32\nsi.dll
1104d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1105d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1106d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1107d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\nsi.dll'
1108d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1109d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) WinVerifyTrust
1110d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
1111d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1112d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1113d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1114d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1115d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1116d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1117d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000864220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1118d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1119d44.bc4: supR3HardenedDllNotificationCallback: load 000007feea620000 LB 0x00519000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1120d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1121d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1122d44.bc4: supR3HardenedDllNotificationCallback: load 000000006ba10000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1123d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1124d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1125d44.bc4: supR3HardenedDllNotificationCallback: load 000000006b970000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1126d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1127d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefefb0000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1128d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1129d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefe990000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1130d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
1131d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1132d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1133d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1134d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1135d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1136d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1137d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1138d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1139d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1140d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1141d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1142d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1143d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1144d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1145d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1146d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1147d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1148d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1149d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1150d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1151d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1152d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1153d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1154d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1155d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1156d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1157d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1158d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1159d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1160d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1161d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1162d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1163d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1164d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1165d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1166d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1167d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1168d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1169d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1170d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1171d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1172d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1173d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1174d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1175d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000804090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1176d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1177d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1178d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1179d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1180d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
1181d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b61990:C:\Windows\system32 [calling]
1182d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd800000 'C:\Windows\system32\Wintrust.dll'
1183d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1184d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b61990:C:\Windows\system32 [calling]
1185d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\Windows\system32\crypt32.dll'
1186d44.bc4: SUPR3HardenedMain: Load TrustedMain...
1187d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1188d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1189d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1190d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1191d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1192d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
1193d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
1194d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
1195d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1196d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1197d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1198d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1199d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1200d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1201d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1202d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1203d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
1204d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1205d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1206d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000448 pwszName=\Device\HarddiskVolume3\Windows\System32\winmm.dll
1207d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1208d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1209d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1210d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\winmm.dll'
1211d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1212d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1213d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1214d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
1215d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
1216d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1217d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1218d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000430 pwszName=\Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1219d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1220d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1221d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A837B0D823EB506C6A4C447C1962174D27ED954
1222d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\oleaut32.dll'
1223d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1224d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1225d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1226d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1227d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1228d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1229d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
1230d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1231d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1232d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1233d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000044c pwszName=\Device\HarddiskVolume3\Windows\System32\ole32.dll
1234d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1235d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1236d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E93C1851E5754D607F55581B4DE2A30B711C830
1237d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3072633~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\ole32.dll'
1238d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1239d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1240d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1241d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1242d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1243d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
1244d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
1245d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1246d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1247d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000045c pwszName=\Device\HarddiskVolume3\Windows\System32\shell32.dll
1248d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1249d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1250d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB4A0D952E568C1E85DCE662F9A066FFB2E6CE84
1251d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3080446~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume3\Windows\System32\shell32.dll'
1252d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1253d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1254d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1255d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1256d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1257d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) WinVerifyTrust
1258d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
1259d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1260d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1261d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1262d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1263d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1264d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1265d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1266d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1267d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1268d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1269d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1270d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1271d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1272d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1273d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1274d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1275d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1276d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1277d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1278d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1279d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1280d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1281d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1282d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1283d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1284d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1285d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1286d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1287d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1288d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1289d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1290d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1291d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1292d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
1293d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1294d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1295d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1296d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1297d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1298d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1299d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1300d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp100.dll'.
1301d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1302d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
1303d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1304d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1305d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1306d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1307d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1308d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1309d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1310d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1311d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1312d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1313d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1314d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
1315d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1316d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1317d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1318d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1319d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1320d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1321d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1322d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1323d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1324d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1325d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1326d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000450 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
1327d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1328d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1329d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1330d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
1331d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1332d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1333d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1334d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1335d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1336d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1337d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1338d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll) WinVerifyTrust
1339d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1340d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1341d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1342d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1343d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume3\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1344d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000460 pwszName=\Device\HarddiskVolume3\Windows\System32\ddraw.dll
1345d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1346d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1347d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1348d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\ddraw.dll'
1349d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1350d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1351d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1352d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1353d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1354d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1355d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1356d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ddraw.dll) WinVerifyTrust
1357d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ddraw.dll
1358d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1359d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1360d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000464 pwszName=\Device\HarddiskVolume3\Windows\System32\glu32.dll
1361d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1362d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1363d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1364d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\glu32.dll'
1365d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1366d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1367d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1368d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1369d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\glu32.dll) WinVerifyTrust
1370d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
1371d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1372d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1373d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1374d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1375d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1376d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1377d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1378d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1379d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1380d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1381d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1382d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1383d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1384d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1385d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1386d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1387d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume3\Windows\System32\mpr.dll
1388d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1389d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1390d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
1391d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\mpr.dll'
1392d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1393d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll) WinVerifyTrust
1394d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
1395d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1396d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1397d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1398d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1399d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1400d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1401d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1402d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1403d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1404d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1405d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1406d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1407d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1408d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1409d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1410d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1411d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1412d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1413d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1414d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1415d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1416d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1417d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1418d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1419d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1420d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1421d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1422d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1423d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1424d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1425d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1426d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1427d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1428d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1429d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1430d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1431d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1432d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1433d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1434d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1435d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1436d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1437d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1438d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1439d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1440d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1441d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1442d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1443d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1444d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1445d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1446d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000420 pwszName=\Device\HarddiskVolume3\Windows\System32\comdlg32.dll
1447d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1448d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1449d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1450d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'
1451d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1452d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1453d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1454d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1455d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1456d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1457d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1458d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll) WinVerifyTrust
1459d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
1460d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1461d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1462d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume3\Windows\System32\winspool.drv
1463d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1464d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1465d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1466d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\winspool.drv'
1467d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1468d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1469d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1470d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1471d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winspool.drv) WinVerifyTrust
1472d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winspool.drv
1473d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1474d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1475d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1476d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1477d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1478d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1479d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1480d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1481d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1482d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1483d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1484d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1485d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1486d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1487d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1488d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1489d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1490d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1491d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1492d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1493d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1494d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1495d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1496d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1497d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1498d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1499d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1500d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1501d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1502d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1503d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
1504d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1505d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1506d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1507d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1508d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1509d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1510d44.bc4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume3\Windows\System32\user32.dll
1511d44.bc4: Error (rc=0):
1512d44.bc4: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume3\Windows\System32\user32.dll
1513d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1514d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1515d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1516d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1517d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1518d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1519d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1520d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1521d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1522d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1523d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1524d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1525d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1526d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1527d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1528d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1529d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1530d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1531d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1532d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1533d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1534d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1535d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1536d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1537d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1538d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1539d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1540d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1541d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1542d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1543d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000478 pwszName=\Device\HarddiskVolume3\Windows\System32\comctl32.dll
1544d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1545d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1546d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
1547d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\comctl32.dll'
1548d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1549d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1550d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1551d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1552d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll) WinVerifyTrust
1553d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll
1554d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1555d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1556d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1557d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1558d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1559d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1560d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1561d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
1562d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1563d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1564d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1565d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1566d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1567d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1568d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1569d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1570d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1571d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1572d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1573d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume3\Windows\System32\dwmapi.dll
1574d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1575d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1576d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
1577d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
1578d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1579d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1580d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1581d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1582d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll) WinVerifyTrust
1583d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
1584d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1585d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1586d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000474 pwszName=\Device\HarddiskVolume3\Windows\System32\setupapi.dll
1587d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1588d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1589d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1590d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\setupapi.dll'
1591d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1592d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
1593d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
1594d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1595d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1596d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1597d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1598d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
1599d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
1600d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
1601d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1602d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1603d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1604d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1605d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume3\Windows\System32\dciman32.dll
1606d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1607d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1608d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=779E327CA47BE9830D08A18EEDE8A70C3A978A3B
1609d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume3\Windows\System32\dciman32.dll'
1610d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1611d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1612d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1613d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1614d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dciman32.dll) WinVerifyTrust
1615d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dciman32.dll
1616d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1617d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1618d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1619d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1620d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1621d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1622d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1623d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1624d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1625d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1626d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1627d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1628d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume3\Windows\System32\devobj.dll
1629d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1630d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1631d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1632d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\devobj.dll'
1633d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1634d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1635d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
1636d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
1637d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
1638d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1639d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1640d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1641d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1642d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1643d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1644d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1645d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1646d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1647d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1648d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1649d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1650d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1651d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
1652d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1653d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1654d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1655d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
1656d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1657d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1658d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1659d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1660d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll) WinVerifyTrust
1661d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
1662d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1663d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1664d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1665d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1666d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1667d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1668d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1669d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1670d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1671d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1672d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1673d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1674d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1675d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1676d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1677d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1678d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1679d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1680d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1681d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1682d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
1683d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1684d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1685d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000864220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1686d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
1687d44.bc4: supR3HardenedDllNotificationCallback: load 000007fee9d40000 LB 0x008de000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1688d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
1689d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1690d44.bc4: supR3HardenedDllNotificationCallback: load 000007fef1ce0000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1691d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1692d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\glu32.dll
1693d44.bc4: supR3HardenedDllNotificationCallback: load 000007fef2100000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1694d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\glu32.dll
1695d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll
1696d44.bc4: supR3HardenedDllNotificationCallback: load 000007fef1be0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1697d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll
1698d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll
1699d44.bc4: supR3HardenedDllNotificationCallback: load 000007fef23c0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
1700d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll
1701d44.bc4: supR3HardenedDllNotificationCallback: load 000007feff8c0000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
1702d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
1703d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefd7c0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1704d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
1705d44.bc4: supR3HardenedDllNotificationCallback: load 000007feff4d0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1706d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1707d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefeb40000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1708d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1709d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefd840000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1710d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
1711d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
1712d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefacd0000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1713d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
1714d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1715d44.bc4: supR3HardenedDllNotificationCallback: load 000000006a7c0000 LB 0x00553000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1716d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1717d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefda10000 LB 0x00d89000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1718d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1719d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll
1720d44.bc4: supR3HardenedDllNotificationCallback: load 000007fef8ab0000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
1721d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll
1722d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1723d44.bc4: supR3HardenedDllNotificationCallback: load 000007fee9790000 LB 0x005a1000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1724d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1725d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1726d44.bc4: supR3HardenedDllNotificationCallback: load 000000006a270000 LB 0x0054f000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1727d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1728d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1729d44.bc4: supR3HardenedDllNotificationCallback: load 000007feee810000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
1730d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1731d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winspool.drv
1732d44.bc4: supR3HardenedDllNotificationCallback: load 000007fef93b0000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
1733d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winspool.drv
1734d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefe8f0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
1735d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
1736d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1737d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1738d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1739d44.bc4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
1740d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
1741d44.bc4: supR3HardenedDllNotificationCallback: load 000007feebb10000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
1742d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
1743d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1744d44.bc4: supR3HardenedDllNotificationCallback: load 000000006b910000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1745d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1746d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1747d44.bc4: supR3HardenedDllNotificationCallback: load 000007fef6bc0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
1748d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1749d44.bc4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
1750d44.bc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
1751d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
1752d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1753d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1754d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1755d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1756d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1757d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1758d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008642b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1759d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb10000 'C:\Windows\system32\imm32.dll'
1760d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff630000 'C:\Windows\system32\ADVAPI32.DLL'
1761d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
1762d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1763d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3e0000 'C:\Windows\system32\cryptbase.dll'
1764d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee9d40000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1765d44.bc4: SUPR3HardenedMain: Calling TrustedMain (000007fee9d415f0)...
1766d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1767d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000864220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1768d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb40000 'C:\Windows\system32\ole32.dll'
1769d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff630000 'C:\Windows\system32\ADVAPI32.dll'
1770d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1771d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000864220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1772d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda10000 'C:\Windows\system32\shell32.dll'
1773d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1774d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'imm32.dll'.
1775d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'winmm.dll'.
1776d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
1777d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1778d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1779d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1780d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1781d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
1782d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
1783d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
1784d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
1785d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1786d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1787d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1788d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1789d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1790d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1791d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1792d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1793d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1794d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1795d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1796d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1797d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1798d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1799d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1800d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1801d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1802d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1803d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1804d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1805d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1806d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1807d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1808d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1809d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1810d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1811d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
1812d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1813d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1814d44.bc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1815d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000864220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1816d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1817d44.bc4: supR3HardenedDllNotificationCallback: load 000007feeb3e0000 LB 0x00127000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
1818d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1819d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb3e0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
1820d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000570 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1821d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000084da70
1822d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000084da70
1823d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
1824d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
1825d44.bc4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1826d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1827d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1828d44.bc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1829d44.bc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
1830d44.bc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1831d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1832d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1833d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1834d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1835d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1836d44.bc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1837d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000858f90:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1838d44.bc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1839d44.bc4: supR3HardenedDllNotificationCallback: load 000007fefb0b0000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
1840d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1841d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0b0000 'C:\Windows\system32\uxtheme.dll'
1842d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1843d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000858f90:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1844d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0b0000 'C:\Windows\system32\uxtheme.dll'
1845d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1846d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000859bf0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1847d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0b0000 'C:\Windows\system32\uxtheme.dll'
1848d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1849d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000859bf0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1850d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0b0000 'C:\Windows\system32\uxtheme.dll'
1851d44.bc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
1852d44.bc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000864220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1853d44.bc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3e0000 'C:\Windows\system32\CRYPTBASE.dll'
1854e34.5d8: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 784 ms, the end);
1855f48.5b0: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1096 ms, the end);
