VirtualBox

Ticket #15843: VBoxHardening.log

File VBoxHardening.log, 387.2 KB (added by schnesim, 8 years ago)
Line 
11b10.1a74: Log file opened: 5.1.4r110228 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
21b10.1a74: \SystemRoot\System32\ntdll.dll:
31b10.1a74: CreationTime: 2016-05-17T13:13:50.272270500Z
41b10.1a74: LastWriteTime: 2016-04-09T06:59:27.660769000Z
51b10.1a74: ChangeTime: 2016-05-17T13:27:37.394041000Z
61b10.1a74: FileAttributes: 0x20
71b10.1a74: Size: 0x1a7100
81b10.1a74: NT Headers: 0xe0
91b10.1a74: Timestamp: 0x5708a857
101b10.1a74: Machine: 0x8664 - amd64
111b10.1a74: Timestamp: 0x5708a857
121b10.1a74: Image Version: 6.1
131b10.1a74: SizeOfImage: 0x1aa000 (1744896)
141b10.1a74: Resource Dir: 0x14e000 LB 0x5a028
151b10.1a74: ProductName: Microsoft® Windows® Operating System
161b10.1a74: ProductVersion: 6.1.7601.23418
171b10.1a74: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
181b10.1a74: FileDescription: NT Layer DLL
191b10.1a74: \SystemRoot\System32\kernel32.dll:
201b10.1a74: CreationTime: 2016-05-17T13:13:49.948252000Z
211b10.1a74: LastWriteTime: 2016-04-09T06:57:53.879000000Z
221b10.1a74: ChangeTime: 2016-05-17T13:27:37.518841200Z
231b10.1a74: FileAttributes: 0x20
241b10.1a74: Size: 0x11c000
251b10.1a74: NT Headers: 0xe0
261b10.1a74: Timestamp: 0x5708a89b
271b10.1a74: Machine: 0x8664 - amd64
281b10.1a74: Timestamp: 0x5708a89b
291b10.1a74: Image Version: 6.1
301b10.1a74: SizeOfImage: 0x11f000 (1175552)
311b10.1a74: Resource Dir: 0x116000 LB 0x528
321b10.1a74: ProductName: Microsoft® Windows® Operating System
331b10.1a74: ProductVersion: 6.1.7601.23418
341b10.1a74: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
351b10.1a74: FileDescription: Windows NT BASE API Client DLL
361b10.1a74: \SystemRoot\System32\KernelBase.dll:
371b10.1a74: CreationTime: 2016-05-17T13:13:49.833245400Z
381b10.1a74: LastWriteTime: 2016-04-09T06:57:53.879000000Z
391b10.1a74: ChangeTime: 2016-05-17T13:27:37.518841200Z
401b10.1a74: FileAttributes: 0x20
411b10.1a74: Size: 0x66800
421b10.1a74: NT Headers: 0xe8
431b10.1a74: Timestamp: 0x5708a89c
441b10.1a74: Machine: 0x8664 - amd64
451b10.1a74: Timestamp: 0x5708a89c
461b10.1a74: Image Version: 6.1
471b10.1a74: SizeOfImage: 0x6a000 (434176)
481b10.1a74: Resource Dir: 0x68000 LB 0x530
491b10.1a74: ProductName: Microsoft® Windows® Operating System
501b10.1a74: ProductVersion: 6.1.7601.23418
511b10.1a74: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
521b10.1a74: FileDescription: Windows NT BASE API Client DLL
531b10.1a74: \SystemRoot\System32\apisetschema.dll:
541b10.1a74: CreationTime: 2016-05-17T13:13:48.590174300Z
551b10.1a74: LastWriteTime: 2016-04-09T06:57:48.684000000Z
561b10.1a74: ChangeTime: 2016-05-17T13:27:37.378440900Z
571b10.1a74: FileAttributes: 0x20
581b10.1a74: Size: 0x1a00
591b10.1a74: NT Headers: 0xc0
601b10.1a74: Timestamp: 0x5708a835
611b10.1a74: Machine: 0x8664 - amd64
621b10.1a74: Timestamp: 0x5708a835
631b10.1a74: Image Version: 6.1
641b10.1a74: SizeOfImage: 0x50000 (327680)
651b10.1a74: Resource Dir: 0x30000 LB 0x3f8
661b10.1a74: ProductName: Microsoft® Windows® Operating System
671b10.1a74: ProductVersion: 6.1.7601.23418
681b10.1a74: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
691b10.1a74: FileDescription: ApiSet Schema DLL
701b10.1a74: Found driver NisDrv (0x400)
711b10.1a74: supR3HardenedWinFindAdversaries: 0x400
721b10.1a74: \SystemRoot\System32\drivers\MpFilter.sys:
731b10.1a74: CreationTime: 2015-11-13T06:50:26.000000000Z
741b10.1a74: LastWriteTime: 2015-11-13T06:50:26.000000000Z
751b10.1a74: ChangeTime: 2016-03-29T07:59:51.647238000Z
761b10.1a74: FileAttributes: 0x20
771b10.1a74: Size: 0x46960
781b10.1a74: NT Headers: 0xe8
791b10.1a74: Timestamp: 0x56330e4f
801b10.1a74: Machine: 0x8664 - amd64
811b10.1a74: Timestamp: 0x56330e4f
821b10.1a74: Image Version: 6.3
831b10.1a74: SizeOfImage: 0x44000 (278528)
841b10.1a74: Resource Dir: 0x42000 LB 0xd90
851b10.1a74: ProductName: Microsoft Malware Protection
861b10.1a74: ProductVersion: 4.9.0210.0
871b10.1a74: FileVersion: 4.9.0210.0
881b10.1a74: FileDescription: Microsoft antimalware file system filter driver
891b10.1a74: \SystemRoot\System32\drivers\NisDrvWFP.sys:
901b10.1a74: CreationTime: 2014-03-11T07:52:30.000000000Z
911b10.1a74: LastWriteTime: 2015-11-13T06:50:26.000000000Z
921b10.1a74: ChangeTime: 2016-03-29T07:59:51.597231600Z
931b10.1a74: FileAttributes: 0x20
941b10.1a74: Size: 0x20ab8
951b10.1a74: NT Headers: 0xe0
961b10.1a74: Timestamp: 0x56330e8a
971b10.1a74: Machine: 0x8664 - amd64
981b10.1a74: Timestamp: 0x56330e8a
991b10.1a74: Image Version: 6.3
1001b10.1a74: SizeOfImage: 0x1f000 (126976)
1011b10.1a74: Resource Dir: 0x1c000 LB 0x1b90
1021b10.1a74: ProductName: Microsoft Malware Protection
1031b10.1a74: ProductVersion: 4.9.0210.0
1041b10.1a74: FileVersion: 4.9.0210.0
1051b10.1a74: FileDescription: Microsoft Network Realtime Inspection Driver
1061b10.1a74: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1071b10.1a74: Calling main()
1081b10.1a74: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1091b10.1a74: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1101b10.1a74: SUPR3HardenedMain: Respawn #1
1111b10.1a74: System32: \Device\HarddiskVolume3\Windows\System32
1121b10.1a74: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
1131b10.1a74: KnownDllPath: C:\Windows\system32
1141b10.1a74: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1151b10.1a74: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1161b10.1a74: supR3HardNtEnableThreadCreation:
1171b10.1a74: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770ba0e0 pvNtTerminateThread=00000000770dc060
1181b10.1a74: supR3HardenedWinDoReSpawn(1): New child 37c.5bc [kernel32].
1191b10.1a74: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd3000 cbPeb=0x380
1201b10.1a74: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077090000 uNtDllChildAddr=0000000077090000
1211b10.1a74: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000770ba0e0
1221b10.1a74: supR3HardenedWinSetupChildInit: Start child.
1231b10.1a74: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
1241b10.1a74: supR3HardNtChildPurify: Startup delay kludge #1/0: 518 ms, 52 sleeps
1251b10.1a74: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1261b10.1a74: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
1271b10.1a74: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
1281b10.1a74: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
1291b10.1a74: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
1301b10.1a74: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
1311b10.1a74: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
1321b10.1a74: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
1331b10.1a74: 0000000000051000-0000000000011fff 0x0001/0x0000 0x0000000
1341b10.1a74: *0000000000090000-fffffffffff93fff 0x0000/0x0004 0x0020000
1351b10.1a74: 000000000018c000-0000000000189fff 0x0104/0x0004 0x0020000
1361b10.1a74: 000000000018e000-000000000018bfff 0x0004/0x0004 0x0020000
1371b10.1a74: 0000000000190000-ffffffff8928ffff 0x0001/0x0000 0x0000000
1381b10.1a74: *0000000077090000-0000000077090fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1391b10.1a74: 0000000077091000-000000007718dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1401b10.1a74: 000000007718e000-00000000771bcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1411b10.1a74: 00000000771bd000-00000000771c6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1421b10.1a74: 00000000771c7000-00000000771c7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1431b10.1a74: 00000000771c8000-00000000771cafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1441b10.1a74: 00000000771cb000-0000000077239fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1451b10.1a74: 000000007723a000-000000006f493fff 0x0001/0x0000 0x0000000
1461b10.1a74: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
1471b10.1a74: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1481b10.1a74: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1491b10.1a74: 000000007fff0000-ffffffffc05dffff 0x0001/0x0000 0x0000000
1501b10.1a74: *000000013fa00000-000000013fa00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1511b10.1a74: 000000013fa01000-000000013fa6ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1521b10.1a74: 000000013fa70000-000000013fa70fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1531b10.1a74: 000000013fa71000-000000013fab5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1541b10.1a74: 000000013fab6000-000000013fab6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1551b10.1a74: 000000013fab7000-000000013fab7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1561b10.1a74: 000000013fab8000-000000013fabcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1571b10.1a74: 000000013fabd000-000000013fabdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1581b10.1a74: 000000013fabe000-000000013fabefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1591b10.1a74: 000000013fabf000-000000013fac2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1601b10.1a74: 000000013fac3000-000000013fb0afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1611b10.1a74: 000000013fb0b000-fffff80380265fff 0x0001/0x0000 0x0000000
1621b10.1a74: *000007feff3b0000-000007feff3b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
1631b10.1a74: 000007feff3b1000-000007fdfe7b1fff 0x0001/0x0000 0x0000000
1641b10.1a74: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
1651b10.1a74: *000007fffffd3000-000007fffffd1fff 0x0004/0x0004 0x0020000
1661b10.1a74: 000007fffffd4000-000007fffffc9fff 0x0001/0x0000 0x0000000
1671b10.1a74: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
1681b10.1a74: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
1691b10.1a74: apisetschema.dll: timestamp 0x5708a835 (rc=VINF_SUCCESS)
1701b10.1a74: VirtualBox.exe: timestamp 0x57b358f8 (rc=VINF_SUCCESS)
1711b10.1a74: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1721b10.1a74: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports
1731b10.1a74: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
1741b10.1a74: supR3HardNtChildPurify: Done after 550 ms and 0 fixes (loop #0).
17537c.5bc: Log file opened: 5.1.4r110228 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
17637c.5bc: supR3HardenedVmProcessInit: uNtDllAddr=0000000077090000 g_uNtVerCombined=0x611db100
1771b10.1a74: supR3HardNtEnableThreadCreation:
17837c.5bc: ntdll.dll: timestamp 0x5708a857 (rc=VINF_SUCCESS)
17937c.5bc: New simple heap: #1 0000000000290000 LB 0x400000 (for 1744896 allocation)
18037c.5bc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
18137c.5bc: System32: \Device\HarddiskVolume3\Windows\System32
18237c.5bc: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
18337c.5bc: KnownDllPath: C:\Windows\system32
18437c.5bc: supR3HardenedVmProcessInit: Opening vboxdrv stub...
18537c.5bc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
18637c.5bc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
18737c.5bc: Registered Dll notification callback with NTDLL.
18837c.5bc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
18937c.5bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
19037c.5bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
19137c.5bc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
19237c.5bc: supR3HardenedDllNotificationCallback: load 0000000076e70000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
19337c.5bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
19437c.5bc: supR3HardenedDllNotificationCallback: load 000007fefcfe0000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
19537c.5bc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
19637c.5bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
19737c.5bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e70000 'C:\Windows\system32\kernel32.dll'
19837c.5bc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770ba0e0 pvNtTerminateThread=00000000770dc060
1991b10.1a74: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 25 ms.
20037c.5bc: \SystemRoot\System32\ntdll.dll:
20137c.5bc: CreationTime: 2016-05-17T13:13:50.272270500Z
20237c.5bc: LastWriteTime: 2016-04-09T06:59:27.660769000Z
20337c.5bc: ChangeTime: 2016-05-17T13:27:37.394041000Z
20437c.5bc: FileAttributes: 0x20
20537c.5bc: Size: 0x1a7100
20637c.5bc: NT Headers: 0xe0
20737c.5bc: Timestamp: 0x5708a857
20837c.5bc: Machine: 0x8664 - amd64
20937c.5bc: Timestamp: 0x5708a857
21037c.5bc: Image Version: 6.1
21137c.5bc: SizeOfImage: 0x1aa000 (1744896)
21237c.5bc: Resource Dir: 0x14e000 LB 0x5a028
21337c.5bc: ProductName: Microsoft® Windows® Operating System
21437c.5bc: ProductVersion: 6.1.7601.23418
21537c.5bc: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
21637c.5bc: FileDescription: NT Layer DLL
21737c.5bc: \SystemRoot\System32\kernel32.dll:
21837c.5bc: CreationTime: 2016-05-17T13:13:49.948252000Z
21937c.5bc: LastWriteTime: 2016-04-09T06:57:53.879000000Z
22037c.5bc: ChangeTime: 2016-05-17T13:27:37.518841200Z
22137c.5bc: FileAttributes: 0x20
22237c.5bc: Size: 0x11c000
22337c.5bc: NT Headers: 0xe0
22437c.5bc: Timestamp: 0x5708a89b
22537c.5bc: Machine: 0x8664 - amd64
22637c.5bc: Timestamp: 0x5708a89b
22737c.5bc: Image Version: 6.1
22837c.5bc: SizeOfImage: 0x11f000 (1175552)
22937c.5bc: Resource Dir: 0x116000 LB 0x528
23037c.5bc: ProductName: Microsoft® Windows® Operating System
23137c.5bc: ProductVersion: 6.1.7601.23418
23237c.5bc: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
23337c.5bc: FileDescription: Windows NT BASE API Client DLL
23437c.5bc: \SystemRoot\System32\KernelBase.dll:
23537c.5bc: CreationTime: 2016-05-17T13:13:49.833245400Z
23637c.5bc: LastWriteTime: 2016-04-09T06:57:53.879000000Z
23737c.5bc: ChangeTime: 2016-05-17T13:27:37.518841200Z
23837c.5bc: FileAttributes: 0x20
23937c.5bc: Size: 0x66800
24037c.5bc: NT Headers: 0xe8
24137c.5bc: Timestamp: 0x5708a89c
24237c.5bc: Machine: 0x8664 - amd64
24337c.5bc: Timestamp: 0x5708a89c
24437c.5bc: Image Version: 6.1
24537c.5bc: SizeOfImage: 0x6a000 (434176)
24637c.5bc: Resource Dir: 0x68000 LB 0x530
24737c.5bc: ProductName: Microsoft® Windows® Operating System
24837c.5bc: ProductVersion: 6.1.7601.23418
24937c.5bc: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
25037c.5bc: FileDescription: Windows NT BASE API Client DLL
25137c.5bc: \SystemRoot\System32\apisetschema.dll:
25237c.5bc: CreationTime: 2016-05-17T13:13:48.590174300Z
25337c.5bc: LastWriteTime: 2016-04-09T06:57:48.684000000Z
25437c.5bc: ChangeTime: 2016-05-17T13:27:37.378440900Z
25537c.5bc: FileAttributes: 0x20
25637c.5bc: Size: 0x1a00
25737c.5bc: NT Headers: 0xc0
25837c.5bc: Timestamp: 0x5708a835
25937c.5bc: Machine: 0x8664 - amd64
26037c.5bc: Timestamp: 0x5708a835
26137c.5bc: Image Version: 6.1
26237c.5bc: SizeOfImage: 0x50000 (327680)
26337c.5bc: Resource Dir: 0x30000 LB 0x3f8
26437c.5bc: ProductName: Microsoft® Windows® Operating System
26537c.5bc: ProductVersion: 6.1.7601.23418
26637c.5bc: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
26737c.5bc: FileDescription: ApiSet Schema DLL
26837c.5bc: Found driver NisDrv (0x400)
26937c.5bc: supR3HardenedWinFindAdversaries: 0x400
27037c.5bc: \SystemRoot\System32\drivers\MpFilter.sys:
27137c.5bc: CreationTime: 2015-11-13T06:50:26.000000000Z
27237c.5bc: LastWriteTime: 2015-11-13T06:50:26.000000000Z
27337c.5bc: ChangeTime: 2016-03-29T07:59:51.647238000Z
27437c.5bc: FileAttributes: 0x20
27537c.5bc: Size: 0x46960
27637c.5bc: NT Headers: 0xe8
27737c.5bc: Timestamp: 0x56330e4f
27837c.5bc: Machine: 0x8664 - amd64
27937c.5bc: Timestamp: 0x56330e4f
28037c.5bc: Image Version: 6.3
28137c.5bc: SizeOfImage: 0x44000 (278528)
28237c.5bc: Resource Dir: 0x42000 LB 0xd90
28337c.5bc: ProductName: Microsoft Malware Protection
28437c.5bc: ProductVersion: 4.9.0210.0
28537c.5bc: FileVersion: 4.9.0210.0
28637c.5bc: FileDescription: Microsoft antimalware file system filter driver
28737c.5bc: \SystemRoot\System32\drivers\NisDrvWFP.sys:
28837c.5bc: CreationTime: 2014-03-11T07:52:30.000000000Z
28937c.5bc: LastWriteTime: 2015-11-13T06:50:26.000000000Z
29037c.5bc: ChangeTime: 2016-03-29T07:59:51.597231600Z
29137c.5bc: FileAttributes: 0x20
29237c.5bc: Size: 0x20ab8
29337c.5bc: NT Headers: 0xe0
29437c.5bc: Timestamp: 0x56330e8a
29537c.5bc: Machine: 0x8664 - amd64
29637c.5bc: Timestamp: 0x56330e8a
29737c.5bc: Image Version: 6.3
29837c.5bc: SizeOfImage: 0x1f000 (126976)
29937c.5bc: Resource Dir: 0x1c000 LB 0x1b90
30037c.5bc: ProductName: Microsoft Malware Protection
30137c.5bc: ProductVersion: 4.9.0210.0
30237c.5bc: FileVersion: 4.9.0210.0
30337c.5bc: FileDescription: Microsoft Network Realtime Inspection Driver
30437c.5bc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
30537c.5bc: Calling main()
30637c.5bc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
30737c.5bc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
30837c.5bc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
30937c.5bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
31037c.5bc: SUPR3HardenedMain: Respawn #2
31137c.5bc: supR3HardNtEnableThreadCreation:
31237c.5bc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll)
31337c.5bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll
31437c.5bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
31537c.5bc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
31637c.5bc: supR3HardenedDllNotificationCallback: load 000007fefcbd0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
31737c.5bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
31837c.5bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcbd0000 'C:\Windows\system32\apphelp.dll'
31937c.5bc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770ba0e0 pvNtTerminateThread=00000000770dc060
32037c.5bc: supR3HardenedWinDoReSpawn(2): New child 1b00.4d4 [kernel32].
32137c.5bc: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd6000 cbPeb=0x380
32237c.5bc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077090000 uNtDllChildAddr=0000000077090000
32337c.5bc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000770ba0e0
32437c.5bc: supR3HardenedWinSetupChildInit: Start child.
32537c.5bc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
32637c.5bc: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 52 sleeps
32737c.5bc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
32837c.5bc: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
32937c.5bc: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
33037c.5bc: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
33137c.5bc: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
33237c.5bc: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
33337c.5bc: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
33437c.5bc: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
33537c.5bc: 0000000000051000-fffffffffff21fff 0x0001/0x0000 0x0000000
33637c.5bc: *0000000000180000-0000000000083fff 0x0000/0x0004 0x0020000
33737c.5bc: 000000000027c000-0000000000279fff 0x0104/0x0004 0x0020000
33837c.5bc: 000000000027e000-000000000027bfff 0x0004/0x0004 0x0020000
33937c.5bc: 0000000000280000-ffffffff8946ffff 0x0001/0x0000 0x0000000
34037c.5bc: *0000000077090000-0000000077090fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
34137c.5bc: 0000000077091000-000000007718dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
34237c.5bc: 000000007718e000-00000000771bcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
34337c.5bc: 00000000771bd000-00000000771c6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
34437c.5bc: 00000000771c7000-00000000771c7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
34537c.5bc: 00000000771c8000-00000000771cafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
34637c.5bc: 00000000771cb000-0000000077239fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
34737c.5bc: 000000007723a000-000000006f493fff 0x0001/0x0000 0x0000000
34837c.5bc: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
34937c.5bc: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
35037c.5bc: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
35137c.5bc: 000000007fff0000-ffffffffc05dffff 0x0001/0x0000 0x0000000
35237c.5bc: *000000013fa00000-000000013fa00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
35337c.5bc: 000000013fa01000-000000013fa6ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
35437c.5bc: 000000013fa70000-000000013fa70fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
35537c.5bc: 000000013fa71000-000000013fab5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
35637c.5bc: 000000013fab6000-000000013fab6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
35737c.5bc: 000000013fab7000-000000013fab7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
35837c.5bc: 000000013fab8000-000000013fabcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
35937c.5bc: 000000013fabd000-000000013fabdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
36037c.5bc: 000000013fabe000-000000013fabefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
36137c.5bc: 000000013fabf000-000000013fac2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
36237c.5bc: 000000013fac3000-000000013fb0afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
36337c.5bc: 000000013fb0b000-fffff80380265fff 0x0001/0x0000 0x0000000
36437c.5bc: *000007feff3b0000-000007feff3b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
36537c.5bc: 000007feff3b1000-000007fdfe7b1fff 0x0001/0x0000 0x0000000
36637c.5bc: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
36737c.5bc: 000007fffffd3000-000007fffffcffff 0x0001/0x0000 0x0000000
36837c.5bc: *000007fffffd6000-000007fffffd4fff 0x0004/0x0004 0x0020000
36937c.5bc: 000007fffffd7000-000007fffffcffff 0x0001/0x0000 0x0000000
37037c.5bc: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
37137c.5bc: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
37237c.5bc: apisetschema.dll: timestamp 0x5708a835 (rc=VINF_SUCCESS)
37337c.5bc: VirtualBox.exe: timestamp 0x57b358f8 (rc=VINF_SUCCESS)
37437c.5bc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
37537c.5bc: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports
37637c.5bc: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
37737c.5bc: supR3HardNtChildPurify: Done after 560 ms and 0 fixes (loop #0).
3781b00.4d4: Log file opened: 5.1.4r110228 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
3791b00.4d4: supR3HardenedVmProcessInit: uNtDllAddr=0000000077090000 g_uNtVerCombined=0x611db100
3801b00.4d4: ntdll.dll: timestamp 0x5708a857 (rc=VINF_SUCCESS)
3811b00.4d4: New simple heap: #1 0000000000280000 LB 0x400000 (for 1744896 allocation)
38237c.5bc: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000290000 LB 0x400000)
38337c.5bc: supR3HardNtEnableThreadCreation:
3841b00.4d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
3851b00.4d4: System32: \Device\HarddiskVolume3\Windows\System32
3861b00.4d4: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
3871b00.4d4: KnownDllPath: C:\Windows\system32
3881b00.4d4: supR3HardenedVmProcessInit: Opening vboxdrv...
3891b00.4d4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3901b00.4d4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3911b00.4d4: Registered Dll notification callback with NTDLL.
3921b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
3931b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
3941b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3951b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3961b00.4d4: supR3HardenedDllNotificationCallback: load 0000000076e70000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
3971b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3981b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefcfe0000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
3991b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
4001b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
4011b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e70000 'C:\Windows\system32\kernel32.dll'
4021b00.4d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770ba0e0 pvNtTerminateThread=00000000770dc060
40337c.5bc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 30 ms.
4041b00.4d4: \SystemRoot\System32\ntdll.dll:
4051b00.4d4: CreationTime: 2016-05-17T13:13:50.272270500Z
4061b00.4d4: LastWriteTime: 2016-04-09T06:59:27.660769000Z
4071b00.4d4: ChangeTime: 2016-05-17T13:27:37.394041000Z
4081b00.4d4: FileAttributes: 0x20
4091b00.4d4: Size: 0x1a7100
4101b00.4d4: NT Headers: 0xe0
4111b00.4d4: Timestamp: 0x5708a857
4121b00.4d4: Machine: 0x8664 - amd64
4131b00.4d4: Timestamp: 0x5708a857
4141b00.4d4: Image Version: 6.1
4151b00.4d4: SizeOfImage: 0x1aa000 (1744896)
4161b00.4d4: Resource Dir: 0x14e000 LB 0x5a028
4171b00.4d4: ProductName: Microsoft® Windows® Operating System
4181b00.4d4: ProductVersion: 6.1.7601.23418
4191b00.4d4: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
4201b00.4d4: FileDescription: NT Layer DLL
4211b00.4d4: \SystemRoot\System32\kernel32.dll:
4221b00.4d4: CreationTime: 2016-05-17T13:13:49.948252000Z
4231b00.4d4: LastWriteTime: 2016-04-09T06:57:53.879000000Z
4241b00.4d4: ChangeTime: 2016-05-17T13:27:37.518841200Z
4251b00.4d4: FileAttributes: 0x20
4261b00.4d4: Size: 0x11c000
4271b00.4d4: NT Headers: 0xe0
4281b00.4d4: Timestamp: 0x5708a89b
4291b00.4d4: Machine: 0x8664 - amd64
4301b00.4d4: Timestamp: 0x5708a89b
4311b00.4d4: Image Version: 6.1
4321b00.4d4: SizeOfImage: 0x11f000 (1175552)
4331b00.4d4: Resource Dir: 0x116000 LB 0x528
4341b00.4d4: ProductName: Microsoft® Windows® Operating System
4351b00.4d4: ProductVersion: 6.1.7601.23418
4361b00.4d4: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
4371b00.4d4: FileDescription: Windows NT BASE API Client DLL
4381b00.4d4: \SystemRoot\System32\KernelBase.dll:
4391b00.4d4: CreationTime: 2016-05-17T13:13:49.833245400Z
4401b00.4d4: LastWriteTime: 2016-04-09T06:57:53.879000000Z
4411b00.4d4: ChangeTime: 2016-05-17T13:27:37.518841200Z
4421b00.4d4: FileAttributes: 0x20
4431b00.4d4: Size: 0x66800
4441b00.4d4: NT Headers: 0xe8
4451b00.4d4: Timestamp: 0x5708a89c
4461b00.4d4: Machine: 0x8664 - amd64
4471b00.4d4: Timestamp: 0x5708a89c
4481b00.4d4: Image Version: 6.1
4491b00.4d4: SizeOfImage: 0x6a000 (434176)
4501b00.4d4: Resource Dir: 0x68000 LB 0x530
4511b00.4d4: ProductName: Microsoft® Windows® Operating System
4521b00.4d4: ProductVersion: 6.1.7601.23418
4531b00.4d4: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
4541b00.4d4: FileDescription: Windows NT BASE API Client DLL
4551b00.4d4: \SystemRoot\System32\apisetschema.dll:
4561b00.4d4: CreationTime: 2016-05-17T13:13:48.590174300Z
4571b00.4d4: LastWriteTime: 2016-04-09T06:57:48.684000000Z
4581b00.4d4: ChangeTime: 2016-05-17T13:27:37.378440900Z
4591b00.4d4: FileAttributes: 0x20
4601b00.4d4: Size: 0x1a00
4611b00.4d4: NT Headers: 0xc0
4621b00.4d4: Timestamp: 0x5708a835
4631b00.4d4: Machine: 0x8664 - amd64
4641b00.4d4: Timestamp: 0x5708a835
4651b00.4d4: Image Version: 6.1
4661b00.4d4: SizeOfImage: 0x50000 (327680)
4671b00.4d4: Resource Dir: 0x30000 LB 0x3f8
4681b00.4d4: ProductName: Microsoft® Windows® Operating System
4691b00.4d4: ProductVersion: 6.1.7601.23418
4701b00.4d4: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
4711b00.4d4: FileDescription: ApiSet Schema DLL
4721b00.4d4: Found driver NisDrv (0x400)
4731b00.4d4: supR3HardenedWinFindAdversaries: 0x400
4741b00.4d4: \SystemRoot\System32\drivers\MpFilter.sys:
4751b00.4d4: CreationTime: 2015-11-13T06:50:26.000000000Z
4761b00.4d4: LastWriteTime: 2015-11-13T06:50:26.000000000Z
4771b00.4d4: ChangeTime: 2016-03-29T07:59:51.647238000Z
4781b00.4d4: FileAttributes: 0x20
4791b00.4d4: Size: 0x46960
4801b00.4d4: NT Headers: 0xe8
4811b00.4d4: Timestamp: 0x56330e4f
4821b00.4d4: Machine: 0x8664 - amd64
4831b00.4d4: Timestamp: 0x56330e4f
4841b00.4d4: Image Version: 6.3
4851b00.4d4: SizeOfImage: 0x44000 (278528)
4861b00.4d4: Resource Dir: 0x42000 LB 0xd90
4871b00.4d4: ProductName: Microsoft Malware Protection
4881b00.4d4: ProductVersion: 4.9.0210.0
4891b00.4d4: FileVersion: 4.9.0210.0
4901b00.4d4: FileDescription: Microsoft antimalware file system filter driver
4911b00.4d4: \SystemRoot\System32\drivers\NisDrvWFP.sys:
4921b00.4d4: CreationTime: 2014-03-11T07:52:30.000000000Z
4931b00.4d4: LastWriteTime: 2015-11-13T06:50:26.000000000Z
4941b00.4d4: ChangeTime: 2016-03-29T07:59:51.597231600Z
4951b00.4d4: FileAttributes: 0x20
4961b00.4d4: Size: 0x20ab8
4971b00.4d4: NT Headers: 0xe0
4981b00.4d4: Timestamp: 0x56330e8a
4991b00.4d4: Machine: 0x8664 - amd64
5001b00.4d4: Timestamp: 0x56330e8a
5011b00.4d4: Image Version: 6.3
5021b00.4d4: SizeOfImage: 0x1f000 (126976)
5031b00.4d4: Resource Dir: 0x1c000 LB 0x1b90
5041b00.4d4: ProductName: Microsoft Malware Protection
5051b00.4d4: ProductVersion: 4.9.0210.0
5061b00.4d4: FileVersion: 4.9.0210.0
5071b00.4d4: FileDescription: Microsoft Network Realtime Inspection Driver
5081b00.4d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
5091b00.4d4: Calling main()
5101b00.4d4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
5111b00.4d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
5121b00.4d4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5131b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
5141b00.4d4: SUPR3HardenedMain: Final process, opening VBoxDrv...
5151b00.4d4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000280000 LB 0x400000)
5161b00.4d4: supR3HardNtEnableThreadCreation:
5171b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
5181b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
5191b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027b161:<flags> [calling]
5201b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5211b00.4d4: supR3HardenedDllNotificationCallback: load 000007fee6170000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
5221b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5231b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5241b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002788e1:<flags> [calling]
5251b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6170000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
5261b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5271b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002788e1:<flags> [calling]
5281b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6170000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
5291b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6170000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
5301b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5311b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
5321b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
5331b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
5341b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
5351b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
5361b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5371b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5381b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
5391b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
5401b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
5411b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
5421b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
5431b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
5441b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
5451b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
5461b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5471b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
5481b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
5491b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
5501b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5511b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5521b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
5531b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
5541b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
5551b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
5561b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
5571b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5581b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5591b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5601b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027cf71:<flags> [calling]
5611b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5621b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefd150000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
5631b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5641b00.4d4: supR3HardenedDllNotificationCallback: load 000007feff2d0000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
5651b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5661b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefce10000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
5671b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5681b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefcdd0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
5691b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
5701b00.4d4: supR3HardenedDllNotificationCallback: load 000007feff1a0000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
5711b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5721b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd150000 'C:\Windows\system32\Wintrust.dll'
5731b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
5741b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
5751b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027cf71:<flags> [calling]
5761b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5771b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefc720000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
5781b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5791b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc720000 'C:\Windows\system32\bcrypt.dll'
5801b00.4d4: bcrypt.dll loaded at 000007fefc720000, BCryptOpenAlgorithmProvider at 000007fefc722640, preloading providers:
5811b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
5821b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
5831b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
5841b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
5851b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5861b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5871b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5881b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
5891b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
5901b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5911b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
5921b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
5931b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
5941b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5951b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5961b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5971b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5981b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5991b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6001b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027cf61:<flags> [calling]
6011b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
6021b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefc1c0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
6031b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
6041b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefeb10000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
6051b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6061b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
6071b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
6081b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
6091b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
6101b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefecd0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
6111b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
6121b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc1c0000 'C:\Windows\system32\bcryptprimitives.dll'
6131b00.4d4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000084dc00)
6141b00.4d4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000084fac0)
6151b00.4d4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000084fbe0)
6161b00.4d4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000084fdf0)
6171b00.4d4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000084ff10)
6181b00.4d4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000850030)
6191b00.4d4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000850270)
6201b00.4d4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000850390)
6211b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
6221b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
6231b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6241b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6251b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6261b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6271b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6281b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6291b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027cac1:<flags> [calling]
6301b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
6311b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefc5d0000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
6321b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
6331b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc5d0000 'C:\Windows\system32\CRYPTSP.dll'
6341b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6351b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
6361b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
6371b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6381b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6391b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6401b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027ca51:<flags> [calling]
6411b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6421b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefc2d0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
6431b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6441b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc2d0000 'C:\Windows\system32\rsaenh.dll'
6451b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6461b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027c2e1:<flags> [calling]
6471b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb10000 'C:\Windows\system32\ADVAPI32.dll'
6481b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
6491b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
6501b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027c661:<flags> [calling]
6511b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
6521b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefcc30000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
6531b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
6541b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc30000 'C:\Windows\system32\CRYPTBASE.dll'
6551b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6561b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027c091:<flags> [calling]
6571b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e70000 'C:\Windows\system32\kernel32.dll'
6581b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6591b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027ca21:<flags> [calling]
6601b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd150000 'C:\Windows\system32\WINTRUST.DLL'
6611b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6621b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000027c851:<flags> [calling]
6631b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce10000 'C:\Windows\system32\CRYPT32.dll'
6641b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6651b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
6661b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
6671b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
6681b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6691b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6701b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6711b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6721b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6731b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6741b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027c8a1:<flags> [calling]
6751b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
6761b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefecf0000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
6771b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
6781b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefecf0000 'C:\Windows\system32\imagehlp.dll'
6791b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
6801b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027c9f1:<flags> [calling]
6811b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc5d0000 'C:\Windows\system32\CRYPTSP.dll'
6821b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
6831b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
6841b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
6851b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6861b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6871b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
6881b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
6891b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
6901b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
6911b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
6921b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume3\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
6931b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
6941b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
6951b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
6961b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\lpk.dll)
6971b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\lpk.dll
6981b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6991b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7001b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
7011b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
7021b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume3\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
7031b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7041b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
7051b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
7061b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\usp10.dll)
7071b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\usp10.dll
7081b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7091b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7101b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
7111b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7121b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7131b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7141b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7151b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7161b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7171b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7181b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7191b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
7201b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7211b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7221b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7231b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027c521:<flags> [calling]
7241b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
7251b00.4d4: supR3HardenedDllNotificationCallback: load 0000000076f90000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
7261b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
7271b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefee60000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
7281b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7291b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefebf0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
7301b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\lpk.dll [lacks WinVerifyTrust]
7311b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefec00000 LB 0x000ca000 C:\Windows\system32\USP10.dll [fFlags=0x0]
7321b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\usp10.dll [lacks WinVerifyTrust]
7331b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7341b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027ba21:<flags> [calling]
7351b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'C:\Windows\system32\gdi32.dll'
7361b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
7371b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
7381b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
7391b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
7401b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
7411b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
7421b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume3\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
7431b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7441b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
7451b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
7461b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
7471b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
7481b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
7491b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7501b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7511b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7521b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7531b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7541b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
7551b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
7561b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
7571b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
7581b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7591b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7601b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7611b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7621b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7631b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
7641b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7651b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7661b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7671b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027b361:<flags> [calling]
7681b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
7691b00.4d4: supR3HardenedDllNotificationCallback: load 000007feff370000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
7701b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
7711b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefd190000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
7721b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msctf.dll [lacks WinVerifyTrust]
7731b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff370000 'C:\Windows\system32\IMM32.DLL'
7741b00.4d4: \Device\HarddiskVolume3\Windows\System32\nvinitx.dll: Owner is administrators group.
7751b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
7761b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
7771b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nvinitx.dll)
7781b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nvinitx.dll
7791b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
7801b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
7811b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
7821b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7831b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7841b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
7851b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\nvinitx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027af71:<flags> [calling]
7861b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nvinitx.dll [lacks WinVerifyTrust]
7871b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefcd00000 LB 0x00032000 C:\Windows\system32\nvinitx.dll [fFlags=0x0]
7881b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nvinitx.dll [lacks WinVerifyTrust]
7891b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd00000 'C:\Windows\system32\nvinitx.dll'
7901b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f90000 'C:\Windows\system32\USER32.dll'
7911b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
7921b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
7931b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
7941b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ncrypt.dll)
7951b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ncrypt.dll
7961b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
7971b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
7981b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
7991b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8001b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8011b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8021b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
8031b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
8041b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8051b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027c821:<flags> [calling]
8061b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
8071b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefc750000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
8081b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
8091b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc750000 'C:\Windows\system32\ncrypt.dll'
8101b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8111b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027c611:<flags> [calling]
8121b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc720000 'C:\Windows\system32\bcrypt.dll'
8131b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8141b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
8151b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
8161b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\userenv.dll)
8171b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
8181b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
8191b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
8201b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8211b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
8221b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
8231b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8241b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8251b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8261b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8271b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8281b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8291b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8301b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8311b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8321b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027bfd1:<flags> [calling]
8331b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [lacks WinVerifyTrust]
8341b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefcdf0000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
8351b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [lacks WinVerifyTrust]
8361b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefcde0000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
8371b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
8381b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdf0000 'C:\Windows\system32\USERENV.dll'
8391b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000027bd31:<flags> [calling]
8401b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefecd0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
8411b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000027c0c1:<flags> [calling]
8421b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefecd0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
8431b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8441b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
8451b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
8461b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
8471b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8481b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8491b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8501b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8511b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8521b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8531b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027c2f1:<flags> [calling]
8541b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
8551b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefbca0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
8561b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
8571b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbca0000 'C:\Windows\system32\GPAPI.dll'
8581b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000027c241:<flags> [calling]
8591b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefecd0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
8601b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8611b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027b941:<flags> [calling]
8621b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1a0000 'C:\Windows\system32\rpcrt4.dll'
8631b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000027c221:<flags> [calling]
8641b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefecd0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
8651b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000027c231:<flags> [calling]
8661b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefecd0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
8671b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8681b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
8691b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
8701b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
8711b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
8721b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
8731b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
8741b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
8751b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8761b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\Wldap32.dll)
8771b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Wldap32.dll
8781b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
8791b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
8801b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8811b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
8821b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
8831b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
8841b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8851b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8861b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8871b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8881b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8891b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8901b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027bd11:<flags> [calling]
8911b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8921b00.4d4: supR3HardenedDllNotificationCallback: load 000007fef6240000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
8931b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8941b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefe3f0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
8951b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
8961b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8971b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000027af41:<flags> [calling]
8981b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6240000 'C:\Windows\system32\cryptnet.dll'
8991b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9001b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000027af41:<flags> [calling]
9011b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6240000 'C:\Windows\system32\cryptnet.dll'
9021b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9031b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000027af41:<flags> [calling]
9041b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6240000 'C:\Windows\system32\cryptnet.dll'
9051b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9061b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000027af41:<flags> [calling]
9071b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6240000 'C:\Windows\system32\cryptnet.dll'
9081b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9091b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000027af41:<flags> [calling]
9101b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6240000 'C:\Windows\system32\cryptnet.dll'
9111b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9121b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000027af41:<flags> [calling]
9131b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6240000 'C:\Windows\system32\cryptnet.dll'
9141b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9151b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6240000 'C:\Windows\system32\cryptnet.dll'
9161b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9171b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6240000 'C:\Windows\system32\cryptnet.dll'
9181b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9191b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6240000 'C:\Windows\system32\cryptnet.dll'
9201b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9211b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6240000 'C:\Windows\system32\cryptnet.dll'
9221b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9231b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6240000 'C:\Windows\system32\cryptnet.dll'
9241b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6240000 'C:\Windows\system32\cryptnet.dll'
9251b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9261b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6240000 'C:\Windows\system32\cryptnet.dll'
9271b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000027b6a1:<flags> [calling]
9281b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefecd0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
9291b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
9301b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027b6a1:<flags> [calling]
9311b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcde0000 'C:\Windows\system32\profapi.dll'
9321b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
9331b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
9341b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
9351b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
9361b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
9371b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9381b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9391b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9401b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9411b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9421b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
9431b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9441b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9451b00.4d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9461b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027b141:<flags> [calling]
9471b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
9481b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefed10000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
9491b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
9501b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'C:\Windows\system32\SHLWAPI.dll'
9511b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
9521b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000087e370
9531b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
9541b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2B2074603B390BFFDF065F1D99436E162DA01247
9551b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000027bfe1:<flags> [calling]
9561b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefecd0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
9571b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000027bb41:<flags> [calling]
9581b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefecd0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
9591b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000027bb41:<flags> [calling]
9601b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefecd0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
9611b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9621b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027bfe1:<flags> [calling]
9631b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb10000 'C:\Windows\system32\ADVAPI32.dll'
9641b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000027bf91:<flags> [calling]
9651b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefecd0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
9661b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000027bc81:<flags> [calling]
9671b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefecd0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
9681b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3153171~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
9691b00.4d4: g_pfnWinVerifyTrust=000007fefd151010
9701b00.4d4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
9711b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume3\Windows\System32\crypt32.dll
9721b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
9731b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
9741b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFD41401EDEBD4D914977D62B588ECABEE60CFD3
9751b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
9761b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9771b00.4d4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
9781b00.4d4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
9791b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume3\Windows\System32\wintrust.dll
9801b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
9811b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
9821b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1BBE4EB6D114F50142F24E2E2749EFD81021486
9831b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
9841b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9851b00.4d4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
9861b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume3\Windows\System32\shlwapi.dll
9871b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
9881b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
9891b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
9901b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
9911b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9921b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
9931b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume3\Windows\System32\Wldap32.dll
9941b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
9951b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
9961b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
9971b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\Wldap32.dll'
9981b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9991b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\Wldap32.dll'
10001b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
10011b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
10021b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
10031b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=756DC088EE40CF9369C990D71B200F3CB59FC35D
10041b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
10051b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10061b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
10071b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000260 pwszName=\Device\HarddiskVolume3\Windows\System32\gpapi.dll
10081b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
10091b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
10101b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDAA16C3FD93DFF9C20BA3B2689DFF4C8D31061
10111b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3159398~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
10121b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10131b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
10141b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001cc pwszName=\Device\HarddiskVolume3\Windows\System32\profapi.dll
10151b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
10161b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
10171b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
10181b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\profapi.dll'
10191b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10201b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
10211b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume3\Windows\System32\userenv.dll
10221b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
10231b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
10241b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
10251b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\userenv.dll'
10261b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10271b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll'
10281b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b0 pwszName=\Device\HarddiskVolume3\Windows\System32\ncrypt.dll
10291b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
10301b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
10311b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=70BE8DF8A16BB94EF111539086D4FF1AD2F9302E
10321b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_52_for_KB3161561~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\ncrypt.dll'
10331b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10341b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ncrypt.dll'
10351b00.4d4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on '\Device\HarddiskVolume3\Windows\System32\nvinitx.dll'
10361b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b4 pwszName=\Device\HarddiskVolume3\Windows\System32\nvinitx.dll
10371b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
10381b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
10391b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=17C33C068D11D610304E3607D9DE6F23714F268F
10401b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem15.CAT'; file='\Device\HarddiskVolume3\Windows\System32\nvinitx.dll'
10411b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (was CERT_E_CHAINING)
10421b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nvinitx.dll'
10431b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume3\Windows\System32\msctf.dll
10441b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
10451b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
10461b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
10471b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\msctf.dll'
10481b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10491b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
10501b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume3\Windows\System32\imm32.dll
10511b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
10521b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
10531b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
10541b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\imm32.dll'
10551b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10561b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
10571b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume3\Windows\System32\usp10.dll
10581b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
10591b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
10601b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31498ABFB06219E83141E0AA8B2A55C4CECFD033
10611b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3108670~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\usp10.dll'
10621b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10631b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\usp10.dll'
10641b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume3\Windows\System32\lpk.dll
10651b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
10661b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
10671b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B248FC58436AAEFEF00A75FCE0F004E89F8C7F94
10681b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3164033~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\lpk.dll'
10691b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10701b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\lpk.dll'
10711b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume3\Windows\System32\gdi32.dll
10721b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
10731b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
10741b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C26B6C5525D45228994D185B3C08A3BC03FF6AFF
10751b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3164035~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
10761b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10771b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
10781b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume3\Windows\System32\user32.dll
10791b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
10801b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
10811b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=94AFB7B548C6C2376C6AEE4ECE2FA09C90F5FD4B
10821b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB3109094~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\user32.dll'
10831b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10841b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
10851b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume3\Windows\System32\imagehlp.dll
10861b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
10871b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
10881b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
10891b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
10901b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10911b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
10921b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000134 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptbase.dll
10931b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
10941b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
10951b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2FBDB2BE50EFD6099E890F4DD263A53B8B2EE30E
10961b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_52_for_KB3161561~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
10971b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10981b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
10991b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
11001b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptsp.dll
11011b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
11021b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
11031b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
11041b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
11051b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11061b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
11071b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume3\Windows\System32\sechost.dll
11081b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
11091b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
11101b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
11111b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\sechost.dll'
11121b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11131b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
11141b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume3\Windows\System32\advapi32.dll
11151b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
11161b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
11171b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=39D43404454E9187689A82DF7C071193F419224E
11181b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_150_for_KB3153171~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
11191b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11201b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
11211b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
11221b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume3\Windows\System32\bcrypt.dll
11231b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
11241b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
11251b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
11261b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
11271b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11281b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
11291b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume3\Windows\System32\msvcrt.dll
11301b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
11311b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
11321b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
11331b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
11341b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11351b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
11361b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume3\Windows\System32\msasn1.dll
11371b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
11381b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
11391b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
11401b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
11411b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11421b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
11431b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
11441b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
11451b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
11461b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6F54D373BC118C6B384E74714832EFD4D9FBAA12
11471b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_52_for_KB3161561~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
11481b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11491b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
11501b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
11511b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume3\Windows\System32\KernelBase.dll
11521b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
11531b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
11541b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7692F3D670BDC0FC9E32BAA19C7AB6DDD55F2067
11551b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3153171~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
11561b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11571b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
11581b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume3\Windows\System32\kernel32.dll
11591b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
11601b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
11611b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CD16A55718A266ABD00ED5A81A94217318BED5ED
11621b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3153171~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
11631b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11641b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
11651b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
11661b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027ba91:<flags> [calling]
11671b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce10000 'C:\Windows\system32\crypt32.dll'
11681b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
11691b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
11701b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
11711b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
11721b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
11731b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
11741b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
11751b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
11761b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
11771b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
11781b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
11791b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
11801b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xe35016950adaa500 C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA
11811b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
11821b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
11831b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
11841b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
11851b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
11861b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
11871b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
11881b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
11891b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
11901b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
11911b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
11921b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
11931b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x3178d37f87f1c400 C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
11941b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
11951b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
11961b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
11971b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
11981b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
11991b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
12001b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
12011b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
12021b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
12031b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xc66d30927ebce400 C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
12041b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
12051b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
12061b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
12071b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2262f09375bd00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3
12081b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
12091b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
12101b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
12111b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
12121b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
12131b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
12141b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
12151b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
12161b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
12171b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
12181b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
12191b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xe69c54164257cc00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3
12201b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
12211b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
12221b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
12231b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
12241b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
12251b00.4d4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
12261b00.4d4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=58
12271b00.4d4: SUPR3HardenedMain: Load Runtime...
12281b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
12291b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
12301b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
12311b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
12321b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
12331b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12341b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12351b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12361b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
12371b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
12381b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
12391b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000045c pwszName=\Device\HarddiskVolume3\Windows\System32\ws2_32.dll
12401b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
12411b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
12421b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=901DCB8172024F14E25295BF5692180F12FC8C18
12431b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\ws2_32.dll'
12441b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12451b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12461b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
12471b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
12481b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
12491b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
12501b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12511b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12521b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
12531b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
12541b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
12551b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12561b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12571b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
12581b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
12591b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12601b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12611b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
12621b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
12631b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
12641b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000458 pwszName=\Device\HarddiskVolume3\Windows\System32\nsi.dll
12651b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
12661b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
12671b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
12681b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\nsi.dll'
12691b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12701b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) WinVerifyTrust
12711b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
12721b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12731b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12741b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
12751b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12761b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12771b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
12781b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027bdb1:<flags> [calling]
12791b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12801b00.4d4: supR3HardenedDllNotificationCallback: load 000007fee5030000 LB 0x0051f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
12811b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12821b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
12831b00.4d4: supR3HardenedDllNotificationCallback: load 0000000069dc0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
12841b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
12851b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
12861b00.4d4: supR3HardenedDllNotificationCallback: load 0000000069d20000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
12871b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
12881b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefee10000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
12891b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
12901b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefd650000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
12911b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
12921b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12931b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002794f1:<flags> [calling]
12941b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12951b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12961b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002794f1:<flags> [calling]
12971b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12981b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12991b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002794f1:<flags> [calling]
13001b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13011b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
13021b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002794f1:<flags> [calling]
13031b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13041b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
13051b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002794f1:<flags> [calling]
13061b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13071b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
13081b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002794f1:<flags> [calling]
13091b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13101b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13111b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13121b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13131b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13141b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13151b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13161b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13171b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
13181b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002794f1:<flags> [calling]
13191b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13201b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13211b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13221b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13231b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13241b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13251b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13261b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13271b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13281b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13291b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13301b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13311b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13321b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13331b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13341b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13351b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
13361b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002794f1:<flags> [calling]
13371b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13381b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13391b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13401b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5030000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13411b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
13421b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027d911:<flags> [calling]
13431b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd150000 'C:\Windows\system32\Wintrust.dll'
13441b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
13451b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027c471:<flags> [calling]
13461b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce10000 'C:\Windows\system32\crypt32.dll'
13471b00.4d4: SUPR3HardenedMain: Load TrustedMain...
13481b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
13491b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
13501b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
13511b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
13521b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
13531b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
13541b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
13551b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
13561b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
13571b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
13581b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
13591b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
13601b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
13611b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
13621b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
13631b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
13641b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
13651b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
13661b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
13671b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume3\Windows\System32\winmm.dll
13681b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
13691b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
13701b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
13711b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\winmm.dll'
13721b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13731b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13741b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
13751b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
13761b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
13771b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
13781b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
13791b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume3\Windows\System32\oleaut32.dll
13801b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
13811b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
13821b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C3BC5EE6972BF0BFEF4A099CB82428B9B682CAD7
13831b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3139940~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\oleaut32.dll'
13841b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13851b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
13861b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13871b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
13881b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
13891b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
13901b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
13911b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
13921b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13931b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13941b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume3\Windows\System32\ole32.dll
13951b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
13961b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
13971b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=796B1965C19A0614793EA3630408324B2CFA32D2
13981b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3146706~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume3\Windows\System32\ole32.dll'
13991b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14001b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14011b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
14021b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
14031b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
14041b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
14051b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
14061b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14071b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14081b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d4 pwszName=\Device\HarddiskVolume3\Windows\System32\shell32.dll
14091b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
14101b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
14111b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB4A0D952E568C1E85DCE662F9A066FFB2E6CE84
14121b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3080446~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume3\Windows\System32\shell32.dll'
14131b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14141b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14151b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
14161b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
14171b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
14181b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) WinVerifyTrust
14191b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
14201b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14211b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14221b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
14231b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14241b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14251b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
14261b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
14271b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
14281b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
14291b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
14301b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
14311b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
14321b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
14331b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
14341b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
14351b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14361b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14371b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
14381b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
14391b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
14401b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
14411b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
14421b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
14431b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
14441b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
14451b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
14461b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
14471b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14481b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14491b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
14501b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
14511b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
14521b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
14531b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
14541b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14551b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14561b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14571b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
14581b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
14591b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
14601b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
14611b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp100.dll'.
14621b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
14631b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
14641b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
14651b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14661b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14671b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14681b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
14691b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
14701b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
14711b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
14721b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
14731b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
14741b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
14751b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
14761b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
14771b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14781b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14791b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
14801b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14811b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14821b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14831b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
14841b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
14851b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14861b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14871b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f8 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
14881b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
14891b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
14901b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
14911b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
14921b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14931b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14941b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
14951b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
14961b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
14971b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
14981b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
14991b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll) WinVerifyTrust
15001b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
15011b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15021b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15031b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
15041b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume3\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
15051b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ec pwszName=\Device\HarddiskVolume3\Windows\System32\ddraw.dll
15061b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
15071b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
15081b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
15091b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\ddraw.dll'
15101b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15111b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15121b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15131b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
15141b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
15151b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
15161b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
15171b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ddraw.dll) WinVerifyTrust
15181b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ddraw.dll
15191b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
15201b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
15211b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume3\Windows\System32\glu32.dll
15221b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
15231b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
15241b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
15251b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\glu32.dll'
15261b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15271b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15281b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
15291b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15301b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\glu32.dll) WinVerifyTrust
15311b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
15321b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15331b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15341b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
15351b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15361b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15371b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
15381b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15391b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15401b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15411b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15421b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
15431b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15441b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15451b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
15461b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
15471b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
15481b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000508 pwszName=\Device\HarddiskVolume3\Windows\System32\mpr.dll
15491b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
15501b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
15511b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
15521b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\mpr.dll'
15531b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15541b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll) WinVerifyTrust
15551b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
15561b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
15571b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
15581b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
15591b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15601b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15611b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15621b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15631b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
15641b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15651b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15661b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
15671b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15681b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15691b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15701b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15711b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
15721b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15731b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15741b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
15751b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15761b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15771b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15781b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15791b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15801b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15811b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15821b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15831b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15841b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
15851b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15861b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15871b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
15881b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15891b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15901b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
15911b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15921b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15931b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15941b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15951b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15961b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
15971b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15981b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15991b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16001b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16011b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16021b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16031b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
16041b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
16051b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
16061b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000514 pwszName=\Device\HarddiskVolume3\Windows\System32\comdlg32.dll
16071b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
16081b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
16091b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
16101b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'
16111b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16121b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16131b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
16141b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
16151b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
16161b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
16171b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
16181b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll) WinVerifyTrust
16191b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
16201b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
16211b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
16221b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000518 pwszName=\Device\HarddiskVolume3\Windows\System32\winspool.drv
16231b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
16241b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
16251b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
16261b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\winspool.drv'
16271b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16281b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16291b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
16301b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
16311b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winspool.drv) WinVerifyTrust
16321b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winspool.drv
16331b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16341b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16351b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16361b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16371b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16381b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16391b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16401b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16411b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
16421b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16431b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16441b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16451b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16461b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16471b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16481b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16491b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16501b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16511b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16521b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16531b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16541b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16551b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16561b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
16571b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16581b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16591b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16601b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16611b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
16621b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
16631b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
16641b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
16651b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16661b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16671b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16681b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16691b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16701b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16711b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16721b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16731b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16741b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16751b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16761b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16771b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16781b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16791b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16801b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16811b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16821b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16831b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16841b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16851b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
16861b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16871b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16881b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16891b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16901b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16911b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16921b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16931b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16941b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16951b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16961b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16971b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16981b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
16991b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
17001b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
17011b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume3\Windows\System32\comctl32.dll
17021b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
17031b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
17041b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
17051b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\comctl32.dll'
17061b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17071b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
17081b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17091b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
17101b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll) WinVerifyTrust
17111b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll
17121b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17131b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17141b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
17151b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17161b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17171b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
17181b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
17191b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
17201b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17211b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17221b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17231b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17241b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
17251b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
17261b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
17271b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17281b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17291b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
17301b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
17311b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000520 pwszName=\Device\HarddiskVolume3\Windows\System32\dwmapi.dll
17321b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
17331b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
17341b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
17351b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
17361b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17371b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17381b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17391b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17401b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll) WinVerifyTrust
17411b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
17421b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
17431b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
17441b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000051c pwszName=\Device\HarddiskVolume3\Windows\System32\setupapi.dll
17451b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
17461b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
17471b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
17481b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\setupapi.dll'
17491b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17501b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
17511b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
17521b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
17531b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
17541b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
17551b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
17561b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
17571b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
17581b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
17591b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17601b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17611b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
17621b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
17631b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000530 pwszName=\Device\HarddiskVolume3\Windows\System32\dciman32.dll
17641b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
17651b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
17661b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EB130FE5667C75A1CCDD15015B9391131942AA9
17671b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3164033~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\dciman32.dll'
17681b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17691b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17701b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
17711b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
17721b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dciman32.dll) WinVerifyTrust
17731b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dciman32.dll
17741b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17751b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17761b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17771b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17781b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17791b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17801b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17811b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17821b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17831b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17841b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
17851b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
17861b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000538 pwszName=\Device\HarddiskVolume3\Windows\System32\devobj.dll
17871b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
17881b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
17891b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
17901b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\devobj.dll'
17911b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17921b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17931b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
17941b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
17951b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
17961b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17971b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17981b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
17991b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18001b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18011b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18021b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18031b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18041b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18051b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18061b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18071b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
18081b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
18091b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000052c pwszName=\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
18101b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
18111b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
18121b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
18131b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
18141b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18151b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18161b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
18171b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
18181b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll) WinVerifyTrust
18191b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
18201b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18211b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18221b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18231b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18241b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18251b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18261b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18271b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18281b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18291b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18301b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18311b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18321b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18331b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18341b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18351b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18361b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18371b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18381b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
18391b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
18401b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
18411b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18421b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18431b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027bdc1:<flags> [calling]
18441b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
18451b00.4d4: supR3HardenedDllNotificationCallback: load 000007fee32f0000 LB 0x008e1000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
18461b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
18471b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
18481b00.4d4: supR3HardenedDllNotificationCallback: load 000007fee45f0000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
18491b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
18501b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\glu32.dll
18511b00.4d4: supR3HardenedDllNotificationCallback: load 000007fef5a80000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
18521b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\glu32.dll
18531b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll
18541b00.4d4: supR3HardenedDllNotificationCallback: load 000007fee44f0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
18551b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll
18561b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll
18571b00.4d4: supR3HardenedDllNotificationCallback: load 000007fef5a70000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
18581b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll
18591b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefe450000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
18601b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
18611b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefd110000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
18621b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
18631b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefd2a0000 LB 0x000d8000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
18641b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
18651b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefe900000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
18661b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
18671b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefcfa0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
18681b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
18691b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
18701b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefaf30000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
18711b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
18721b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
18731b00.4d4: supR3HardenedDllNotificationCallback: load 0000000069660000 LB 0x00553000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
18741b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
18751b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefd660000 LB 0x00d89000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
18761b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
18771b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll
18781b00.4d4: supR3HardenedDllNotificationCallback: load 000007fef5610000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
18791b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll
18801b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
18811b00.4d4: supR3HardenedDllNotificationCallback: load 000007fee4a80000 LB 0x005a1000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
18821b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
18831b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
18841b00.4d4: supR3HardenedDllNotificationCallback: load 00000000682c0000 LB 0x0054f000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
18851b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
18861b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
18871b00.4d4: supR3HardenedDllNotificationCallback: load 000007fee5b50000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
18881b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
18891b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winspool.drv
18901b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefaa50000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
18911b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winspool.drv
18921b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefeed0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
18931b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
18941b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
18951b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
18961b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
18971b00.4d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
18981b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
18991b00.4d4: supR3HardenedDllNotificationCallback: load 000007fef8600000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
19001b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
19011b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
19021b00.4d4: supR3HardenedDllNotificationCallback: load 0000000069cc0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
19031b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
19041b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
19051b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefa9b0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
19061b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
19071b00.4d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
19081b00.4d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
19091b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
19101b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19111b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19121b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19131b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19141b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19151b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19161b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027b391:<flags> [calling]
19171b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff370000 'C:\Windows\system32\imm32.dll'
19181b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb10000 'C:\Windows\system32\ADVAPI32.DLL'
19191b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
19201b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
19211b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc30000 'C:\Windows\system32\cryptbase.dll'
19221b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32f0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
19231b00.4d4: SUPR3HardenedMain: Calling TrustedMain (000007fee32f1610)...
19241b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
19251b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027d951:<flags> [calling]
19261b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe900000 'C:\Windows\system32\ole32.dll'
19271b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb10000 'C:\Windows\system32\ADVAPI32.dll'
19281b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
19291b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027e171:<flags> [calling]
19301b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd660000 'C:\Windows\system32\shell32.dll'
19311b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
19321b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'imm32.dll'.
19331b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'winmm.dll'.
19341b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
19351b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
19361b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
19371b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
19381b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
19391b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
19401b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
19411b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
19421b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
19431b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
19441b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19451b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19461b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19471b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19481b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
19491b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
19501b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
19511b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
19521b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19531b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19541b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19551b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19561b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19571b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19581b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19591b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19601b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
19611b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19621b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19631b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
19641b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
19651b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
19661b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
19671b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
19681b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
19691b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
19701b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19711b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19721b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
19731b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027e301:<flags> [calling]
19741b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
19751b00.4d4: supR3HardenedDllNotificationCallback: load 000007fee4950000 LB 0x00127000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
19761b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
19771b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4950000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
19781b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005cc pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
19791b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
19801b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
19811b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
19821b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
19831b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19841b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19851b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
19861b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
19871b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
19881b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
19891b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19901b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19911b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19921b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19931b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19941b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19951b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027e2f1:<flags> [calling]
19961b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
19971b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefb360000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
19981b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
19991b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb360000 'C:\Windows\system32\uxtheme.dll'
20001b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
20011b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027dd31:<flags> [calling]
20021b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb360000 'C:\Windows\system32\uxtheme.dll'
20031b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
20041b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027daa1:<flags> [calling]
20051b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb360000 'C:\Windows\system32\uxtheme.dll'
20061b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
20071b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027daa1:<flags> [calling]
20081b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb360000 'C:\Windows\system32\uxtheme.dll'
20091b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
20101b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027e231:<flags> [calling]
20111b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc30000 'C:\Windows\system32\CRYPTBASE.dll'
20121b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f90000 'C:\Windows\system32\user32.dll'
20131b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
20141b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027e541:<flags> [calling]
20151b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd660000 'C:\Windows\system32\shell32.dll'
20161b00.4d4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
20171b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027e421:<flags> [calling]
20181b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
20191b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
20201b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027dbe1:<flags> [calling]
20211b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf30000 'C:\Windows\system32\dwmapi.dll'
20221b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
20231b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027e961:<flags> [calling]
20241b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9b0000 'C:\Windows\system32\winmm.dll'
20251b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
20261b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027e961:<flags> [calling]
20271b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9b0000 'C:\Windows\system32\winmm.dll'
20281b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
20291b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027e9b1:<flags> [calling]
20301b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd660000 'C:\Windows\system32\shell32.dll'
20311b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
20321b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027e981:<flags> [calling]
20331b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb360000 'C:\Windows\system32\uxtheme.dll'
20341b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
20351b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027e901:<flags> [calling]
20361b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb10000 'C:\Windows\system32\advapi32.dll'
20371b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
20381b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027e901:<flags> [calling]
20391b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdf0000 'C:\Windows\system32\userenv.dll'
20401b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
20411b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027e9e1:<flags> [calling]
20421b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e70000 'C:\Windows\system32\kernel32.dll'
20431b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005fc pwszName=\Device\HarddiskVolume3\Windows\System32\clbcatq.dll
20441b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
20451b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
20461b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
20471b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
20481b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20491b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20501b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
20511b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
20521b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
20531b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
20541b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
20551b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll) WinVerifyTrust
20561b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
20571b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20581b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20591b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20601b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20611b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
20621b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20631b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20641b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20651b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20661b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
20671b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20681b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20691b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
20701b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20711b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20721b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
20731b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027b761:<flags> [calling]
20741b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
20751b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefef70000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
20761b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
20771b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef70000 'C:\Windows\system32\CLBCatQ.DLL'
20781b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb10000 'C:\Windows\system32\ADVAPI32.dll'
20791b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
20801b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027a551:<flags> [calling]
20811b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc5d0000 'C:\Windows\system32\CRYPTSP.dll'
20821b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000618 pwszName=\Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll
20831b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
20841b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
20851b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
20861b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll'
20871b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20881b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
20891b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
20901b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll
20911b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20921b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20931b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027a121:<flags> [calling]
20941b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll
20951b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefcce0000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
20961b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll
20971b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcce0000 'C:\Windows\system32\RpcRtRemote.dll'
20981b00.ff8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20991b00.ff8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
21001b00.ff8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21011b00.ff8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
21021b00.ff8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
21031b00.ff8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
21041b00.ff8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
21051b00.ff8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
21061b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21071b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21081b00.ff8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
21091b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21101b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21111b00.ff8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
21121b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21131b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21141b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21151b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21161b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21171b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21181b00.ff8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
21191b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21201b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21211b00.ff8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000534eaf1:<flags> [calling]
21221b00.ff8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
21231b00.ff8: supR3HardenedDllNotificationCallback: load 000007fee3ff0000 LB 0x004f5000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
21241b00.ff8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
21251b00.ff8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
21261b00.ff8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21271b00.ff8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
21281b00.ff8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
21291b00.ff8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
21301b00.ff8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
21311b00.ff8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
21321b00.ff8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
21331b00.ff8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
21341b00.ff8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
21351b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21361b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21371b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21381b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21391b00.ff8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
21401b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21411b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21421b00.ff8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
21431b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
21441b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
21451b00.ff8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
21461b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21471b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21481b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21491b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21501b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21511b00.ff8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21521b00.ff8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000534d611:<flags> [calling]
21531b00.ff8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
21541b00.ff8: supR3HardenedDllNotificationCallback: load 000007fee4890000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
21551b00.ff8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
21561b00.ff8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4890000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
21571b00.ff8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
21581b00.ff8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000534d491:<flags> [calling]
21591b00.ff8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2a0000 'C:\Windows\system32\oleaut32.dll'
21601b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb10000 'C:\Windows\system32\ADVAPI32.dll'
21611b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'C:\Windows\system32\gdi32.dll'
21621b00.1aac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21631b00.1aac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
21641b00.1aac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
21651b00.1aac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
21661b00.1aac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21671b00.1aac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21681b00.1aac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21691b00.1aac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21701b00.1aac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000b6a331:<flags> [calling]
21711b00.1aac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
21721b00.1aac: supR3HardenedDllNotificationCallback: load 000007fefab40000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
21731b00.1aac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
21741b00.1aac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefab40000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL'
21751b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000904 pwszName=\Device\HarddiskVolume3\Windows\System32\apphelp.dll
21761b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
21771b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
21781b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=279DFE2A04C40CE4B22260C26A5BB57DF440B52E
21791b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3107998~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume3\Windows\System32\apphelp.dll'
21801b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21811b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll) WinVerifyTrust
21821b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll
21831b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
21841b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll
21851b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefcbd0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
21861b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll
21871b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcbd0000 'C:\Windows\system32\apphelp.dll'
21881b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe900000 'C:\Windows\system32\ole32.dll'
21891b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
21901b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000279c91:<flags> [calling]
21911b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd190000 'C:\Windows\system32\MSCTF.dll'
21921b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe900000 'C:\Windows\system32\ole32.dll'
21931b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
21941b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000277951:<flags> [calling]
21951b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2a0000 'C:\Windows\system32\OLEAUT32.dll'
21961b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000940 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
21971b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
21981b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
21991b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
22001b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
22011b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22021b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22031b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
22041b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
22051b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
22061b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
22071b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
22081b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
22091b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
22101b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22111b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22121b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
22131b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22141b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22151b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22161b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22171b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22181b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22191b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
22201b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
22211b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000924 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
22221b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
22231b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
22241b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
22251b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
22261b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22271b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22281b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
22291b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
22301b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
22311b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
22321b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
22331b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
22341b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22351b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22361b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22371b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22381b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
22391b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22401b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22411b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22421b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22431b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22441b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22451b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22461b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22471b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000276271:<flags> [calling]
22481b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
22491b00.4d4: supR3HardenedDllNotificationCallback: load 000007fef5cf0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
22501b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
22511b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
22521b00.4d4: supR3HardenedDllNotificationCallback: load 000007fef5c60000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
22531b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
22541b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5cf0000 'C:\Windows\system32\wbem\wbemprox.dll'
22551b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000968 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
22561b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
22571b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
22581b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
22591b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
22601b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22611b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22621b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
22631b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
22641b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
22651b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22661b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22671b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
22681b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22691b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22701b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000275e31:<flags> [calling]
22711b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
22721b00.4d4: supR3HardenedDllNotificationCallback: load 000007feed290000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
22731b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
22741b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed290000 'C:\Windows\system32\wbem\wbemsvc.dll'
22751b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000096c pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
22761b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
22771b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
22781b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
22791b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
22801b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22811b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22821b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
22831b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
22841b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
22851b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
22861b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
22871b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
22881b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
22891b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
22901b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
22911b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000094c pwszName=\Device\HarddiskVolume3\Windows\System32\ntdsapi.dll
22921b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
22931b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
22941b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
22951b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\ntdsapi.dll'
22961b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22971b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22981b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
22991b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
23001b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdsapi.dll) WinVerifyTrust
23011b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdsapi.dll
23021b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23031b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23041b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23051b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23061b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23071b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23081b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
23091b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
23101b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
23111b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23121b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23131b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23141b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23151b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
23161b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23171b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23181b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23191b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23201b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000275e71:<flags> [calling]
23211b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
23221b00.4d4: supR3HardenedDllNotificationCallback: load 000007feee360000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
23231b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
23241b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdsapi.dll
23251b00.4d4: supR3HardenedDllNotificationCallback: load 000007feee330000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
23261b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdsapi.dll
23271b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee360000 'C:\Windows\system32\wbem\fastprox.dll'
23281b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2a0000 'C:\Windows\system32\OLEAUT32.dll'
23291b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
23301b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000275ba1:<flags> [calling]
23311b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9b0000 'C:\Windows\system32\WINMM.dll'
23321b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2a0000 'C:\Windows\system32\OLEAUT32.DLL'
23331b00.19f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23341b00.19f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23351b00.19f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
23361b00.19f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
23371b00.19f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
23381b00.19f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll) WinVerifyTrust
23391b00.19f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll
23401b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23411b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23421b00.19f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
23431b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23441b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23451b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23461b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23471b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23481b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23491b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23501b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23511b00.19f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007a4eaa1:<flags> [calling]
23521b00.19f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll
23531b00.19f0: supR3HardenedDllNotificationCallback: load 000007fee2fc0000 LB 0x00128000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.DLL [fFlags=0x0]
23541b00.19f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll
23551b00.19f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2fc0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.DLL'
23561b00.1724: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a34 pwszName=\Device\HarddiskVolume3\Windows\System32\mswsock.dll
23571b00.1724: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
23581b00.1724: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
23591b00.1724: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0B91C962716871F5DE8282805DA288326E03A9F
23601b00.1724: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\mswsock.dll'
23611b00.1724: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23621b00.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23631b00.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
23641b00.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
23651b00.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
23661b00.1724: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mswsock.dll) WinVerifyTrust
23671b00.1724: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mswsock.dll
23681b00.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23691b00.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23701b00.1724: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
23711b00.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23721b00.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23731b00.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23741b00.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23751b00.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23761b00.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23771b00.1724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000791f051:<flags> [calling]
23781b00.1724: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
23791b00.1724: supR3HardenedDllNotificationCallback: load 000007fefc570000 LB 0x00055000 C:\Windows\system32\mswsock.dll [fFlags=0x0]
23801b00.1724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
23811b00.1724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc570000 'C:\Windows\system32\mswsock.dll'
23821b00.1724: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a50 pwszName=\Device\HarddiskVolume3\Windows\System32\wship6.dll
23831b00.1724: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
23841b00.1724: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
23851b00.1724: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=68F2FDFC5151940B71C922BC59B7767F02726F85
23861b00.1724: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\wship6.dll'
23871b00.1724: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23881b00.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ws2_32.dll'.
23891b00.1724: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wship6.dll) WinVerifyTrust
23901b00.1724: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wship6.dll
23911b00.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23921b00.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23931b00.1724: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
23941b00.1724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wship6.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000791f1f1:<flags> [calling]
23951b00.1724: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wship6.dll
23961b00.1724: supR3HardenedDllNotificationCallback: load 000007fefc560000 LB 0x00007000 C:\Windows\System32\wship6.dll [fFlags=0x0]
23971b00.1724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wship6.dll
23981b00.1724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc560000 'C:\Windows\System32\wship6.dll'
23991b00.1724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
24001b00.1724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000791f051:<flags> [calling]
24011b00.1724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc570000 'C:\Windows\system32\mswsock.dll'
24021b00.1724: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a40 pwszName=\Device\HarddiskVolume3\Windows\System32\WSHTCPIP.DLL
24031b00.1724: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
24041b00.1724: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
24051b00.1724: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EFFE58BB9FD8A94FD1609B7F82A43C8E09D98AA
24061b00.1724: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\WSHTCPIP.DLL'
24071b00.1724: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24081b00.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ws2_32.dll'.
24091b00.1724: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WSHTCPIP.DLL) WinVerifyTrust
24101b00.1724: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WSHTCPIP.DLL
24111b00.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24121b00.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24131b00.1724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wshtcpip.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000791f1f1:<flags> [calling]
24141b00.1724: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WSHTCPIP.DLL
24151b00.1724: supR3HardenedDllNotificationCallback: load 000007fefbba0000 LB 0x00007000 C:\Windows\System32\wshtcpip.dll [fFlags=0x0]
24161b00.1724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WSHTCPIP.DLL
24171b00.1724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbba0000 'C:\Windows\System32\wshtcpip.dll'
24181b00.19f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24191b00.19f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
24201b00.19f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24211b00.19f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
24221b00.19f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24231b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24241b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24251b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
24261b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
24271b00.19f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
24281b00.19f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
24291b00.19f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
24301b00.19f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
24311b00.19f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
24321b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24331b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24341b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24351b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24361b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
24371b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
24381b00.19f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24391b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24401b00.19f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24411b00.19f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007a4e661:<flags> [calling]
24421b00.19f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24431b00.19f0: supR3HardenedDllNotificationCallback: load 000007fee2d20000 LB 0x00299000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
24441b00.19f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24451b00.19f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
24461b00.19f0: supR3HardenedDllNotificationCallback: load 0000000070100000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
24471b00.19f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
24481b00.19f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2d20000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
24491b00.1064: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24501b00.1064: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
24511b00.1064: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24521b00.1064: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
24531b00.1064: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
24541b00.1064: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
24551b00.1064: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24561b00.1064: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24571b00.1064: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24581b00.1064: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24591b00.1064: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
24601b00.1064: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
24611b00.1064: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24621b00.1064: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24631b00.1064: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24641b00.1064: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
24651b00.1064: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bd2daf1:<flags> [calling]
24661b00.1064: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
24671b00.1064: supR3HardenedDllNotificationCallback: load 000007fef8120000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
24681b00.1064: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
24691b00.1064: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8120000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
24701b00.1064: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f90000 'C:\Windows\system32\User32.dll'
24711b00.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24721b00.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
24731b00.dd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24741b00.dd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
24751b00.dd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
24761b00.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24771b00.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24781b00.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24791b00.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
24801b00.dd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
24811b00.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24821b00.dd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24831b00.dd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000be3dce1:<flags> [calling]
24841b00.dd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
24851b00.dd4: supR3HardenedDllNotificationCallback: load 000007fef5ab0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
24861b00.dd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
24871b00.dd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5ab0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
24881b00.1ac8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24891b00.1ac8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
24901b00.1ac8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24911b00.1ac8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
24921b00.1ac8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
24931b00.1ac8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24941b00.1ac8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24951b00.1ac8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24961b00.1ac8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
24971b00.1ac8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
24981b00.1ac8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24991b00.1ac8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25001b00.1ac8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000c01d911:<flags> [calling]
25011b00.1ac8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
25021b00.1ac8: supR3HardenedDllNotificationCallback: load 000007feebf20000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
25031b00.1ac8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
25041b00.1ac8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf20000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
25051b00.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25061b00.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
25071b00.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25081b00.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
25091b00.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
25101b00.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25111b00.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25121b00.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
25131b00.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
25141b00.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25151b00.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25161b00.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a31dce1:<flags> [calling]
25171b00.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
25181b00.1718: supR3HardenedDllNotificationCallback: load 000007feebf10000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
25191b00.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
25201b00.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
25211b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd660000 'C:\Windows\system32\Shell32.dll'
25221b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000a8c9171:<flags> [calling]
25231b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefecd0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
25241b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
25251b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8c91b1:<flags> [calling]
25261b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcde0000 'C:\Windows\system32\profapi.dll'
25271b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25281b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cb4a1:<flags> [calling]
25291b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2d20000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
25301b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25311b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25321b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
25331b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
25341b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
25351b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
25361b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
25371b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25381b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25391b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25401b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25411b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25421b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25431b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25441b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25451b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25461b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25471b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cc651:<flags> [calling]
25481b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
25491b00.3e8: supR3HardenedDllNotificationCallback: load 000007feeba50000 LB 0x0002d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
25501b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
25511b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeba50000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
25521b00.3e8: supR3HardenedDllNotificationCallback: Unload 000007feeba50000 LB 0x0002d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
25531b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25541b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
25551b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25561b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
25571b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
25581b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
25591b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
25601b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
25611b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
25621b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
25631b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
25641b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
25651b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
25661b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
25671b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c64 pwszName=\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
25681b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
25691b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
25701b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
25711b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL'
25721b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25731b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25741b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
25751b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
25761b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
25771b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
25781b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
25791b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25801b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25811b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25821b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25831b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
25841b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
25851b00.3e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
25861b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25871b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25881b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
25891b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
25901b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25911b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25921b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
25931b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
25941b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
25951b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
25961b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25971b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25981b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
25991b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
26001b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
26011b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
26021b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
26031b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26041b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26051b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
26061b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
26071b00.3e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26081b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26091b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26101b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26111b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26121b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
26131b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
26141b00.3e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
26151b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26161b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26171b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26181b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26191b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26201b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26211b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26221b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26231b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26241b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26251b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26261b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26271b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
26281b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
26291b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c74 pwszName=\Device\HarddiskVolume3\Windows\System32\winnsi.dll
26301b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
26311b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
26321b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
26331b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
26341b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26351b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26361b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
26371b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
26381b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll) WinVerifyTrust
26391b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
26401b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
26411b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
26421b00.3e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
26431b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26441b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26451b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
26461b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
26471b00.3e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
26481b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26491b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26501b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26511b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26521b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd641:<flags> [calling]
26531b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
26541b00.3e8: supR3HardenedDllNotificationCallback: load 000007fee2450000 LB 0x008c6000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
26551b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
26561b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
26571b00.3e8: supR3HardenedDllNotificationCallback: load 000007fee5af0000 LB 0x00057000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
26581b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
26591b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
26601b00.3e8: supR3HardenedDllNotificationCallback: load 000007fee9f60000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
26611b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
26621b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
26631b00.3e8: supR3HardenedDllNotificationCallback: load 000007fef80b0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
26641b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
26651b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
26661b00.3e8: supR3HardenedDllNotificationCallback: load 000007fef80a0000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
26671b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
26681b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2450000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
26691b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
26701b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd641:<flags> [calling]
26711b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
26721b00.3e8: supR3HardenedDllNotificationCallback: load 000007fee6bb0000 LB 0x0002d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
26731b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
26741b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6bb0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
26751b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
26761b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd641:<flags> [calling]
26771b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
26781b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
26791b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd551:<flags> [calling]
26801b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee9f60000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
26811b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26821b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
26831b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
26841b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
26851b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26861b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26871b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26881b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26891b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd551:<flags> [calling]
26901b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
26911b00.3e8: supR3HardenedDllNotificationCallback: load 000007feebef0000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
26921b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
26931b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebef0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
26941b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26951b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
26961b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
26971b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
26981b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26991b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27001b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27011b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27021b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd551:<flags> [calling]
27031b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
27041b00.3e8: supR3HardenedDllNotificationCallback: load 000007feeba60000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
27051b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
27061b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeba60000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
27071b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27081b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27091b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
27101b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
27111b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27121b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27131b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27141b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27151b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd551:<flags> [calling]
27161b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
27171b00.3e8: supR3HardenedDllNotificationCallback: load 000007fee9f40000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
27181b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
27191b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee9f40000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
27201b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27211b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27221b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
27231b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
27241b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27251b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27261b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27271b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27281b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd551:<flags> [calling]
27291b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
27301b00.3e8: supR3HardenedDllNotificationCallback: load 000007fee9b60000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
27311b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
27321b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee9b60000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
27331b00.16e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27341b00.16e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
27351b00.16e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27361b00.16e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
27371b00.16e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
27381b00.16e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27391b00.16e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27401b00.16e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
27411b00.16e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
27421b00.16e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27431b00.16e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27441b00.16e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27451b00.16e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bc2d8a1:<flags> [calling]
27461b00.16e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
27471b00.16e4: supR3HardenedDllNotificationCallback: load 000007feeba50000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
27481b00.16e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
27491b00.16e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeba50000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
27501b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27511b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cdb91:<flags> [calling]
27521b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2d20000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
27531b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27541b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27551b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
27561b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
27571b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
27581b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
27591b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27601b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27611b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27621b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27631b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27641b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27651b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27661b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27671b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8ceaa1:<flags> [calling]
27681b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
27691b00.3e8: supR3HardenedDllNotificationCallback: load 000007fee5600000 LB 0x0008a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
27701b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
27711b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5600000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
27721b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
27731b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd491:<flags> [calling]
27741b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef80b0000 'C:\Windows\system32\Iphlpapi.dll'
27751b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010a0 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
27761b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
27771b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
27781b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A719769A21133C3F89F7BEA09AB706365F35DF8F
27791b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_26_for_KB2763523~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
27801b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27811b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27821b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
27831b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
27841b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust
27851b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
27861b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
27871b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
27881b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27891b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27901b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27911b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27921b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8ce5e1:<flags> [calling]
27931b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
27941b00.3e8: supR3HardenedDllNotificationCallback: load 000007fef7eb0000 LB 0x00011000 C:\Windows\system32\dhcpcsvc6.DLL [fFlags=0x0]
27951b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
27961b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7eb0000 'C:\Windows\system32\dhcpcsvc6.DLL'
27971b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
27981b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8ce301:<flags> [calling]
27991b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef80b0000 'C:\Windows\system32\IPHLPAPI.DLL'
28001b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010c4 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
28011b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
28021b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
28031b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756
28041b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
28051b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28061b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28071b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
28081b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
28091b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
28101b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll) WinVerifyTrust
28111b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
28121b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
28131b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
28141b00.3e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
28151b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28161b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28171b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28181b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28191b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28201b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28211b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8ce631:<flags> [calling]
28221b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
28231b00.3e8: supR3HardenedDllNotificationCallback: load 000007fef7e90000 LB 0x00018000 C:\Windows\system32\dhcpcsvc.DLL [fFlags=0x0]
28241b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
28251b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e90000 'C:\Windows\system32\dhcpcsvc.DLL'
28261b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
28271b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8ce291:<flags> [calling]
28281b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef80b0000 'C:\Windows\system32\IPHLPAPI.DLL'
28291b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000113c pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll
28301b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
28311b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
28321b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
28331b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll'
28341b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28351b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28361b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
28371b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
28381b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
28391b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
28401b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
28411b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust
28421b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll
28431b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
28441b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
28451b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001140 pwszName=\Device\HarddiskVolume3\Windows\System32\powrprof.dll
28461b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
28471b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
28481b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
28491b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\powrprof.dll'
28501b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28511b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28521b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
28531b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
28541b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll) WinVerifyTrust
28551b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
28561b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
28571b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
28581b00.3e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
28591b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28601b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28611b00.3e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
28621b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28631b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28641b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28651b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28661b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28671b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28681b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
28691b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
28701b00.3e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
28711b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28721b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28731b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28741b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28751b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd4e1:<flags> [calling]
28761b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
28771b00.3e8: supR3HardenedDllNotificationCallback: load 000007fefa050000 LB 0x00088000 C:\Windows\System32\dsound.dll [fFlags=0x0]
28781b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
28791b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\powrprof.dll
28801b00.3e8: supR3HardenedDllNotificationCallback: load 000007fefa420000 LB 0x0002c000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0]
28811b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\powrprof.dll
28821b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
28831b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cc851:<flags> [calling]
28841b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa050000 'C:\Windows\System32\dsound.dll'
28851b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa050000 'C:\Windows\System32\dsound.dll'
28861b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
28871b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd4e1:<flags> [calling]
28881b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa050000 'C:\Windows\system32\dsound.dll'
28891b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001150 pwszName=\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
28901b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
28911b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
28921b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
28931b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll'
28941b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28951b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28961b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
28971b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
28981b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
28991b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
29001b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
29011b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
29021b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
29031b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001168 pwszName=\Device\HarddiskVolume3\Windows\System32\propsys.dll
29041b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
29051b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
29061b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
29071b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\propsys.dll'
29081b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29091b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29101b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
29111b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
29121b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
29131b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
29141b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll) WinVerifyTrust
29151b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll
29161b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29171b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29181b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29191b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29201b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29211b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29221b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29231b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29241b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29251b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29261b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29271b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29281b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29291b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29301b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29311b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29321b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8ccf61:<flags> [calling]
29331b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
29341b00.3e8: supR3HardenedDllNotificationCallback: load 000007fefaf50000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
29351b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
29361b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
29371b00.3e8: supR3HardenedDllNotificationCallback: load 000007fefb3c0000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
29381b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
29391b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb10000 'C:\Windows\system32\ADVAPI32.dll'
29401b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf50000 'C:\Windows\System32\MMDevApi.dll'
29411b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe900000 'C:\Windows\system32\ole32.dll'
29421b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
29431b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd271:<flags> [calling]
29441b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe450000 'C:\Windows\system32\SETUPAPI.dll'
29451b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
29461b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8ce0e1:<flags> [calling]
29471b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'C:\Windows\system32\SHLWAPI.dll'
29481b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
29491b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8ce301:<flags> [calling]
29501b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf50000 'C:\Windows\system32\MMDEVAPI.DLL'
29511b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe900000 'C:\Windows\system32\ole32.dll'
29521b00.12c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
29531b00.12c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000001ad5f2f1:<flags> [calling]
29541b00.12c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd110000 'C:\Windows\system32\CFGMGR32.dll'
29551b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
29561b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cdf31:<flags> [calling]
29571b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9b0000 'C:\Windows\system32\winmm.dll'
29581b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000a8cdd91:<flags> [calling]
29591b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefecd0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
29601b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000a8cdd91:<flags> [calling]
29611b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefecd0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
29621b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1a0000 'C:\Windows\system32\RPCRT4.dll'
29631b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
29641b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cddf1:<flags> [calling]
29651b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf50000 'C:\Windows\system32\MMDevAPI.DLL'
29661b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011a0 pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv
29671b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
29681b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
29691b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
29701b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv'
29711b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29721b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29731b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
29741b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
29751b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
29761b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
29771b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
29781b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
29791b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
29801b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust
29811b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
29821b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
29831b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
29841b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011a4 pwszName=\Device\HarddiskVolume3\Windows\System32\avrt.dll
29851b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
29861b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
29871b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
29881b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\avrt.dll'
29891b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29901b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust
29911b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll
29921b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
29931b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
29941b00.3e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
29951b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
29961b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
29971b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001190 pwszName=\Device\HarddiskVolume3\Windows\System32\ksuser.dll
29981b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
29991b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
30001b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D99CFB3BFCA1F454FC7109DB98D18923ABBA361
30011b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3110329~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\ksuser.dll'
30021b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30031b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30041b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust
30051b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll
30061b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
30071b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
30081b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30091b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30101b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
30111b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
30121b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
30131b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
30141b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30151b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30161b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30171b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30181b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd961:<flags> [calling]
30191b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
30201b00.3e8: supR3HardenedDllNotificationCallback: load 000007fef9190000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
30211b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
30221b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
30231b00.3e8: supR3HardenedDllNotificationCallback: load 00000000749c0000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
30241b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
30251b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
30261b00.3e8: supR3HardenedDllNotificationCallback: load 000007fefa3a0000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
30271b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
30281b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9190000 'C:\Windows\system32\wdmaud.drv'
30291b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
30301b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd961:<flags> [calling]
30311b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9190000 'C:\Windows\system32\wdmaud.drv'
30321b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
30331b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cdb11:<flags> [calling]
30341b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9190000 'C:\Windows\system32\wdmaud.drv'
30351b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
30361b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cdb11:<flags> [calling]
30371b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9190000 'C:\Windows\system32\wdmaud.drv'
30381b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
30391b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cdb11:<flags> [calling]
30401b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9190000 'C:\Windows\system32\wdmaud.drv'
30411b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011dc pwszName=\Device\HarddiskVolume3\Windows\System32\AudioSes.dll
30421b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
30431b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
30441b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFCA643693E82633EB61E3B838F7FBA097082A81
30451b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_114_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\AudioSes.dll'
30461b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30471b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30481b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
30491b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
30501b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
30511b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
30521b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
30531b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
30541b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
30551b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
30561b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
30571b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
30581b00.3e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
30591b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30601b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30611b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30621b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30631b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
30641b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
30651b00.3e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
30661b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
30671b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
30681b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
30691b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
30701b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30711b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30721b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cdb21:<flags> [calling]
30731b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
30741b00.3e8: supR3HardenedDllNotificationCallback: load 000007fef8f10000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
30751b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
30761b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8f10000 'C:\Windows\system32\AUDIOSES.DLL'
30771b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
30781b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cdb11:<flags> [calling]
30791b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9190000 'C:\Windows\system32\wdmaud.drv'
30801b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
30811b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cdb11:<flags> [calling]
30821b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9190000 'C:\Windows\system32\wdmaud.drv'
30831b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9190000 'C:\Windows\system32\wdmaud.drv'
30841b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9190000 'C:\Windows\system32\wdmaud.drv'
30851b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9190000 'C:\Windows\system32\wdmaud.drv'
30861b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9190000 'C:\Windows\system32\wdmaud.drv'
30871b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011b8 pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
30881b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
30891b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
30901b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
30911b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
30921b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30931b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30941b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
30951b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
30961b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
30971b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
30981b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
30991b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
31001b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
31011b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
31021b00.3e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
31031b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
31041b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
31051b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011cc pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.dll
31061b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
31071b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
31081b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
31091b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.dll'
31101b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31111b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31121b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
31131b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
31141b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
31151b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
31161b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
31171b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
31181b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
31191b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
31201b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31211b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31221b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31231b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31241b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
31251b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
31261b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
31271b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
31281b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31291b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31301b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31311b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31321b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31331b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31341b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd911:<flags> [calling]
31351b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
31361b00.3e8: supR3HardenedDllNotificationCallback: load 000007fef8ee0000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
31371b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
31381b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
31391b00.3e8: supR3HardenedDllNotificationCallback: load 000007fef8e40000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
31401b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
31411b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8ee0000 'C:\Windows\system32\msacm32.drv'
31421b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
31431b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd311:<flags> [calling]
31441b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8ee0000 'C:\Windows\system32\msacm32.drv'
31451b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
31461b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd311:<flags> [calling]
31471b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8ee0000 'C:\Windows\system32\msacm32.drv'
31481b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
31491b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd311:<flags> [calling]
31501b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8ee0000 'C:\Windows\system32\msacm32.drv'
31511b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
31521b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd311:<flags> [calling]
31531b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8ee0000 'C:\Windows\system32\msacm32.drv'
31541b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
31551b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd311:<flags> [calling]
31561b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8ee0000 'C:\Windows\system32\msacm32.drv'
31571b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
31581b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd311:<flags> [calling]
31591b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8ee0000 'C:\Windows\system32\msacm32.drv'
31601b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8ee0000 'C:\Windows\system32\msacm32.drv'
31611b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8ee0000 'C:\Windows\system32\msacm32.drv'
31621b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8ee0000 'C:\Windows\system32\msacm32.drv'
31631b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011d8 pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
31641b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
31651b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
31661b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
31671b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
31681b00.3e8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31691b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31701b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
31711b00.3e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
31721b00.3e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
31731b00.3e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
31741b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
31751b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
31761b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31771b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31781b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31791b00.3e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31801b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd911:<flags> [calling]
31811b00.3e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
31821b00.3e8: supR3HardenedDllNotificationCallback: load 000007fef8e30000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
31831b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
31841b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8e30000 'C:\Windows\system32\midimap.dll'
31851b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
31861b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd2e1:<flags> [calling]
31871b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8e30000 'C:\Windows\system32\midimap.dll'
31881b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
31891b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd2e1:<flags> [calling]
31901b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8e30000 'C:\Windows\system32\midimap.dll'
31911b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
31921b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd911:<flags> [calling]
31931b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8e30000 'C:\Windows\system32\midimap.dll'
31941b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9b0000 'C:\Windows\system32\winmm.dll'
31951b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9b0000 'C:\Windows\system32\winmm.dll'
31961b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9b0000 'C:\Windows\system32\winmm.dll'
31971b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe900000 'C:\Windows\system32\ole32.dll'
31981b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
31991b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cdf31:<flags> [calling]
32001b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9b0000 'C:\Windows\system32\winmm.dll'
32011b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9b0000 'C:\Windows\system32\winmm.dll'
32021b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9b0000 'C:\Windows\system32\winmm.dll'
32031b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
32041b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd4f1:<flags> [calling]
32051b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa050000 'C:\Windows\system32\dsound.dll'
32061b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9b0000 'C:\Windows\system32\winmm.dll'
32071b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9b0000 'C:\Windows\system32\winmm.dll'
32081b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9b0000 'C:\Windows\system32\winmm.dll'
32091b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9b0000 'C:\Windows\system32\winmm.dll'
32101b00.1a9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
32111b00.1a9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000001b71d8a1:<flags> [calling]
32121b00.1a9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8f10000 'C:\Windows\System32\audioses.dll'
32131b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
32141b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cd6a1:<flags> [calling]
32151b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa050000 'C:\Windows\system32\dsound.dll'
32161b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9b0000 'C:\Windows\system32\winmm.dll'
32171b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2d20000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
32181b00.3e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
32191b00.3e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a8cdb91:<flags> [calling]
32201b00.3e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e70000 'C:\Windows\system32\kernel32.dll'
32211b00.19f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2a0000 'C:\Windows\system32\OLEAUT32.dll'
32221b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
32231b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027a5c1:<flags> [calling]
32241b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf30000 'C:\Windows\system32\dwmapi.dll'
32251b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
32261b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\opengl32.dll (Input=opengl32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027a7c1:<flags> [calling]
32271b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\opengl32.dll'
32281b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
32291b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027a751:<flags> [calling]
32301b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
32311b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'C:\Windows\system32\gdi32.dll'
32321b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'C:\Windows\system32\gdi32.dll'
32331b00.4d4: \Device\HarddiskVolume3\Windows\System32\ig7icd64.dll: Owner is administrators group.
32341b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
32351b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000278181:<flags> [calling]
32361b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce10000 'C:\Windows\system32\crypt32.dll'
32371b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
32381b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'igdusc64.dll'.
32391b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
32401b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
32411b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
32421b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wtsapi32.dll'.
32431b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'dwmapi.dll'.
32441b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ig7icd64.dll) WinVerifyTrust
32451b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ig7icd64.dll
32461b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
32471b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
32481b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
32491b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
32501b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
32511b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001350 pwszName=\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
32521b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
32531b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
32541b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E653B4F2F82EC27E9205DC90EBEB7A5AAB37A8B0
32551b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll'
32561b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32571b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32581b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll) WinVerifyTrust
32591b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
32601b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
32611b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
32621b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
32631b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
32641b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
32651b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32661b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32671b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'igdusc64.dll'...
32681b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'igdusc64.dll' -> '\Device\HarddiskVolume3\Windows\System32\igdusc64.dll' [rcNtRedir=0xc0150008]
32691b00.4d4: \Device\HarddiskVolume3\Windows\System32\igdusc64.dll: Owner is administrators group.
32701b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
32711b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32721b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32731b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000277ba1:<flags> [calling]
32741b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce10000 'C:\Windows\system32\crypt32.dll'
32751b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\igdusc64.dll) WinVerifyTrust
32761b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\igdusc64.dll
32771b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
32781b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
32791b00.4d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
32801b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ig7icd64.dll (Input=ig7icd64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000279f81:<flags> [calling]
32811b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ig7icd64.dll
32821b00.4d4: supR3HardenedDllNotificationCallback: load 000007fee11c0000 LB 0x00833000 C:\Windows\system32\ig7icd64.dll [fFlags=0x0]
32831b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ig7icd64.dll
32841b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\igdusc64.dll
32851b00.4d4: supR3HardenedDllNotificationCallback: load 000007fef4120000 LB 0x0045f000 C:\Windows\system32\igdusc64.dll [fFlags=0x0]
32861b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\igdusc64.dll
32871b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
32881b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefc0b0000 LB 0x00011000 C:\Windows\system32\WTSAPI32.dll [fFlags=0x0]
32891b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
32901b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee11c0000 'C:\Windows\system32\ig7icd64.dll'
32911b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'C:\Windows\system32\gdi32.dll'
32921b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'C:\Windows\system32\gdi32.dll'
32931b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000974 pwszName=\Device\HarddiskVolume3\Windows\System32\version.dll
32941b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087e370
32951b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087e370
32961b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A3AB94A028D0330A3DBCAE54C04C648532198DB9
32971b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\version.dll'
32981b00.4d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32991b00.4d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
33001b00.4d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\version.dll) WinVerifyTrust
33011b00.4d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\version.dll
33021b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33031b00.4d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33041b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\version.dll (Input=version.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027a451:<flags> [calling]
33051b00.4d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll
33061b00.4d4: supR3HardenedDllNotificationCallback: load 000007fefb910000 LB 0x0000c000 C:\Windows\system32\version.dll [fFlags=0x0]
33071b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll
33081b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb910000 'C:\Windows\system32\version.dll'
33091b00.4d4: supR3HardenedDllNotificationCallback: Unload 000007fefb910000 LB 0x0000c000 C:\Windows\system32\version.dll [flags=0x0]
33101b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
33111b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027a751:<flags> [calling]
33121b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33131b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33141b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33151b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33161b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33171b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33181b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ig7icd64.dll
33191b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ig7icd64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027a631:<flags> [calling]
33201b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee11c0000 'C:\Windows\system32\ig7icd64.dll'
33211b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33221b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33231b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
33241b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027a4e1:<flags> [calling]
33251b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33261b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33271b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33281b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33291b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33301b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33311b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33321b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33331b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33341b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33351b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33361b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33371b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33381b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33391b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33401b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33411b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
33421b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027a4e1:<flags> [calling]
33431b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33441b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33451b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33461b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33471b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33481b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33491b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33501b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33511b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33521b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33531b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33541b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33551b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33561b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33571b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33581b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33591b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33601b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33611b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33621b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33631b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33641b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33651b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33661b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33671b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33681b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33691b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33701b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33711b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33721b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33731b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33741b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33751b00.4d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
33761b00.4d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000027a591:<flags> [calling]
33771b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33781b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33791b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33801b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33811b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33821b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33831b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33841b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33851b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33861b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33871b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33881b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33891b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33901b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33911b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33921b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33931b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33941b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33951b00.4d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee45f0000 'C:\Windows\system32\OPENGL32.dll'
33961b00.1b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
33971b00.1b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000011f71f701:<flags> [calling]
33981b00.1b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3a0000 'C:\Windows\system32\avrt.dll'
33991b00.1ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
34001b00.1ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b0af781:<flags> [calling]
34011b00.1ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3a0000 'C:\Windows\system32\avrt.dll'
34021b00.166c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
34031b00.166c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b0bfc71:<flags> [calling]
34041b00.166c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3a0000 'C:\Windows\system32\avrt.dll'
340537c.5bc: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2982422 ms, the end);
34061b10.1a74: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2983027 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy