VirtualBox

Ticket #16048: VBoxHardening.log

File VBoxHardening.log, 282.1 KB (added by Evghenius, 8 years ago)
Line 
113c4.1388: Log file opened: 5.1.6r110634 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
213c4.1388: \SystemRoot\System32\ntdll.dll:
313c4.1388: CreationTime: 2016-03-27T21:48:45.859375000Z
413c4.1388: LastWriteTime: 2016-02-11T18:52:52.157940400Z
513c4.1388: ChangeTime: 2016-10-08T02:27:51.691190300Z
613c4.1388: FileAttributes: 0x20
713c4.1388: Size: 0x1a73d8
813c4.1388: NT Headers: 0xe0
913c4.1388: Timestamp: 0x56bcd74c
1013c4.1388: Machine: 0x8664 - amd64
1113c4.1388: Timestamp: 0x56bcd74c
1213c4.1388: Image Version: 6.1
1313c4.1388: SizeOfImage: 0x1aa000 (1744896)
1413c4.1388: Resource Dir: 0x14e000 LB 0x5a028
1513c4.1388: ProductName: Microsoft® Windows® Operating System
1613c4.1388: ProductVersion: 6.1.7601.19160
1713c4.1388: FileVersion: 6.1.7601.19160 (win7sp1_gdr.160211-0600)
1813c4.1388: FileDescription: NT Layer DLL
1913c4.1388: \SystemRoot\System32\kernel32.dll:
2013c4.1388: CreationTime: 2016-03-27T21:48:45.359375000Z
2113c4.1388: LastWriteTime: 2016-02-11T18:44:34.819000000Z
2213c4.1388: ChangeTime: 2016-10-08T02:27:30.521953100Z
2313c4.1388: FileAttributes: 0x20
2413c4.1388: Size: 0x11c000
2513c4.1388: NT Headers: 0xe8
2613c4.1388: Timestamp: 0x56bcd73b
2713c4.1388: Machine: 0x8664 - amd64
2813c4.1388: Timestamp: 0x56bcd73b
2913c4.1388: Image Version: 6.1
3013c4.1388: SizeOfImage: 0x11f000 (1175552)
3113c4.1388: Resource Dir: 0x116000 LB 0x528
3213c4.1388: ProductName: Microsoft® Windows® Operating System
3313c4.1388: ProductVersion: 6.1.7601.19160
3413c4.1388: FileVersion: 6.1.7601.19160 (win7sp1_gdr.160211-0600)
3513c4.1388: FileDescription: Windows NT BASE API Client DLL
3613c4.1388: \SystemRoot\System32\KernelBase.dll:
3713c4.1388: CreationTime: 2016-03-27T21:48:45.296875000Z
3813c4.1388: LastWriteTime: 2016-02-11T18:44:34.850000000Z
3913c4.1388: ChangeTime: 2016-10-08T02:27:30.537553100Z
4013c4.1388: FileAttributes: 0x20
4113c4.1388: Size: 0x67200
4213c4.1388: NT Headers: 0xe8
4313c4.1388: Timestamp: 0x56bcd73c
4413c4.1388: Machine: 0x8664 - amd64
4513c4.1388: Timestamp: 0x56bcd73c
4613c4.1388: Image Version: 6.1
4713c4.1388: SizeOfImage: 0x6b000 (438272)
4813c4.1388: Resource Dir: 0x69000 LB 0x530
4913c4.1388: ProductName: Microsoft® Windows® Operating System
5013c4.1388: ProductVersion: 6.1.7601.19160
5113c4.1388: FileVersion: 6.1.7601.19160 (win7sp1_gdr.160211-0600)
5213c4.1388: FileDescription: Windows NT BASE API Client DLL
5313c4.1388: \SystemRoot\System32\apisetschema.dll:
5413c4.1388: CreationTime: 2016-03-27T21:48:40.921875000Z
5513c4.1388: LastWriteTime: 2016-02-11T18:41:37.445000000Z
5613c4.1388: ChangeTime: 2016-10-08T02:27:10.819118500Z
5713c4.1388: FileAttributes: 0x20
5813c4.1388: Size: 0x1a00
5913c4.1388: NT Headers: 0xc0
6013c4.1388: Timestamp: 0x56bcd628
6113c4.1388: Machine: 0x8664 - amd64
6213c4.1388: Timestamp: 0x56bcd628
6313c4.1388: Image Version: 6.1
6413c4.1388: SizeOfImage: 0x50000 (327680)
6513c4.1388: Resource Dir: 0x30000 LB 0x3f8
6613c4.1388: ProductName: Microsoft® Windows® Operating System
6713c4.1388: ProductVersion: 6.1.7601.19160
6813c4.1388: FileVersion: 6.1.7601.19160 (win7sp1_gdr.160211-0600)
6913c4.1388: FileDescription: ApiSet Schema DLL
7013c4.1388: supR3HardenedWinFindAdversaries: 0x0
7113c4.1388: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
7213c4.1388: Calling main()
7313c4.1388: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
7413c4.1388: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
7513c4.1388: SUPR3HardenedMain: Respawn #1
7613c4.1388: System32: \Device\HarddiskVolume2\Windows\System32
7713c4.1388: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
7813c4.1388: KnownDllPath: C:\Windows\system32
7913c4.1388: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
8013c4.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
8113c4.1388: supR3HardNtEnableThreadCreation:
8213c4.1388: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000778cb170 pvNtTerminateThread=00000000778ed8e0
8313c4.1388: supR3HardenedWinDoReSpawn(1): New child b44.14d8 [kernel32].
8413c4.1388: supR3HardNtChildGatherData: PebBaseAddress=000007fffffda000 cbPeb=0x380
8513c4.1388: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000778a0000 uNtDllChildAddr=00000000778a0000
8613c4.1388: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000778cb170
8713c4.1388: supR3HardenedWinSetupChildInit: Start child.
8813c4.1388: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
8913c4.1388: supR3HardNtChildPurify: Startup delay kludge #1/0: 257 ms, 32 sleeps
9013c4.1388: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
9113c4.1388: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
9213c4.1388: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
9313c4.1388: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
9413c4.1388: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
9513c4.1388: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
9613c4.1388: 0000000000041000-ffffffffffe91fff 0x0001/0x0000 0x0000000
9713c4.1388: *00000000001f0000-00000000000f3fff 0x0000/0x0004 0x0020000
9813c4.1388: 00000000002ec000-00000000002e9fff 0x0104/0x0004 0x0020000
9913c4.1388: 00000000002ee000-00000000002ebfff 0x0004/0x0004 0x0020000
10013c4.1388: 00000000002f0000-ffffffff88d3ffff 0x0001/0x0000 0x0000000
10113c4.1388: *00000000778a0000-00000000778a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
10213c4.1388: 00000000778a1000-000000007799ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
10313c4.1388: 00000000779a0000-00000000779cefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
10413c4.1388: 00000000779cf000-00000000779d6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
10513c4.1388: 00000000779d7000-00000000779d7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
10613c4.1388: 00000000779d8000-00000000779dafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
10713c4.1388: 00000000779db000-0000000077a49fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
10813c4.1388: 0000000077a4a000-00000000704b3fff 0x0001/0x0000 0x0000000
10913c4.1388: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
11013c4.1388: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
11113c4.1388: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
11213c4.1388: 000000007fff0000-ffffffffc0fbffff 0x0001/0x0000 0x0000000
11313c4.1388: *000000013f020000-000000013f020fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11413c4.1388: 000000013f021000-000000013f08ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11513c4.1388: 000000013f090000-000000013f090fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11613c4.1388: 000000013f091000-000000013f0d5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11713c4.1388: 000000013f0d6000-000000013f0d6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11813c4.1388: 000000013f0d7000-000000013f0d7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11913c4.1388: 000000013f0d8000-000000013f0dcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12013c4.1388: 000000013f0dd000-000000013f0ddfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12113c4.1388: 000000013f0de000-000000013f0defff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12213c4.1388: 000000013f0df000-000000013f0e2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12313c4.1388: 000000013f0e3000-000000013f12afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12413c4.1388: 000000013f12b000-fffff8037e695fff 0x0001/0x0000 0x0000000
12513c4.1388: *000007feffbc0000-000007feffbc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
12613c4.1388: 000007feffbc1000-000007fdff7d1fff 0x0001/0x0000 0x0000000
12713c4.1388: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
12813c4.1388: 000007fffffd3000-000007fffffcbfff 0x0001/0x0000 0x0000000
12913c4.1388: *000007fffffda000-000007fffffd8fff 0x0004/0x0004 0x0020000
13013c4.1388: 000007fffffdb000-000007fffffd7fff 0x0001/0x0000 0x0000000
13113c4.1388: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
13213c4.1388: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
13313c4.1388: apisetschema.dll: timestamp 0x56bcd628 (rc=VINF_SUCCESS)
13413c4.1388: VirtualBox.exe: timestamp 0x57d6d53c (rc=VINF_SUCCESS)
13513c4.1388: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
13613c4.1388: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
13713c4.1388: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
13813c4.1388: supR3HardNtChildPurify: Done after 286 ms and 0 fixes (loop #0).
139b44.14d8: Log file opened: 5.1.6r110634 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
140b44.14d8: supR3HardenedVmProcessInit: uNtDllAddr=00000000778a0000 g_uNtVerCombined=0x611db100
14113c4.1388: supR3HardNtEnableThreadCreation:
142b44.14d8: ntdll.dll: timestamp 0x56bcd74c (rc=VINF_SUCCESS)
143b44.14d8: New simple heap: #1 00000000002f0000 LB 0x400000 (for 1744896 allocation)
144b44.14d8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
145b44.14d8: System32: \Device\HarddiskVolume2\Windows\System32
146b44.14d8: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
147b44.14d8: KnownDllPath: C:\Windows\system32
148b44.14d8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
149b44.14d8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
150b44.14d8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
151b44.14d8: Registered Dll notification callback with NTDLL.
152b44.14d8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
153b44.14d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
154b44.14d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
155b44.14d8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
156b44.14d8: supR3HardenedDllNotificationCallback: load 0000000077680000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
157b44.14d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
158b44.14d8: supR3HardenedDllNotificationCallback: load 000007fefd660000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
159b44.14d8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
160b44.14d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
161b44.14d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077680000 'C:\Windows\system32\kernel32.dll'
162b44.14d8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000778cb170 pvNtTerminateThread=00000000778ed8e0
16313c4.1388: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 38 ms.
164b44.14d8: \SystemRoot\System32\ntdll.dll:
165b44.14d8: CreationTime: 2016-03-27T21:48:45.859375000Z
166b44.14d8: LastWriteTime: 2016-02-11T18:52:52.157940400Z
167b44.14d8: ChangeTime: 2016-10-08T02:27:51.691190300Z
168b44.14d8: FileAttributes: 0x20
169b44.14d8: Size: 0x1a73d8
170b44.14d8: NT Headers: 0xe0
171b44.14d8: Timestamp: 0x56bcd74c
172b44.14d8: Machine: 0x8664 - amd64
173b44.14d8: Timestamp: 0x56bcd74c
174b44.14d8: Image Version: 6.1
175b44.14d8: SizeOfImage: 0x1aa000 (1744896)
176b44.14d8: Resource Dir: 0x14e000 LB 0x5a028
177b44.14d8: ProductName: Microsoft® Windows® Operating System
178b44.14d8: ProductVersion: 6.1.7601.19160
179b44.14d8: FileVersion: 6.1.7601.19160 (win7sp1_gdr.160211-0600)
180b44.14d8: FileDescription: NT Layer DLL
181b44.14d8: \SystemRoot\System32\kernel32.dll:
182b44.14d8: CreationTime: 2016-03-27T21:48:45.359375000Z
183b44.14d8: LastWriteTime: 2016-02-11T18:44:34.819000000Z
184b44.14d8: ChangeTime: 2016-10-08T02:27:30.521953100Z
185b44.14d8: FileAttributes: 0x20
186b44.14d8: Size: 0x11c000
187b44.14d8: NT Headers: 0xe8
188b44.14d8: Timestamp: 0x56bcd73b
189b44.14d8: Machine: 0x8664 - amd64
190b44.14d8: Timestamp: 0x56bcd73b
191b44.14d8: Image Version: 6.1
192b44.14d8: SizeOfImage: 0x11f000 (1175552)
193b44.14d8: Resource Dir: 0x116000 LB 0x528
194b44.14d8: ProductName: Microsoft® Windows® Operating System
195b44.14d8: ProductVersion: 6.1.7601.19160
196b44.14d8: FileVersion: 6.1.7601.19160 (win7sp1_gdr.160211-0600)
197b44.14d8: FileDescription: Windows NT BASE API Client DLL
198b44.14d8: \SystemRoot\System32\KernelBase.dll:
199b44.14d8: CreationTime: 2016-03-27T21:48:45.296875000Z
200b44.14d8: LastWriteTime: 2016-02-11T18:44:34.850000000Z
201b44.14d8: ChangeTime: 2016-10-08T02:27:30.537553100Z
202b44.14d8: FileAttributes: 0x20
203b44.14d8: Size: 0x67200
204b44.14d8: NT Headers: 0xe8
205b44.14d8: Timestamp: 0x56bcd73c
206b44.14d8: Machine: 0x8664 - amd64
207b44.14d8: Timestamp: 0x56bcd73c
208b44.14d8: Image Version: 6.1
209b44.14d8: SizeOfImage: 0x6b000 (438272)
210b44.14d8: Resource Dir: 0x69000 LB 0x530
211b44.14d8: ProductName: Microsoft® Windows® Operating System
212b44.14d8: ProductVersion: 6.1.7601.19160
213b44.14d8: FileVersion: 6.1.7601.19160 (win7sp1_gdr.160211-0600)
214b44.14d8: FileDescription: Windows NT BASE API Client DLL
215b44.14d8: \SystemRoot\System32\apisetschema.dll:
216b44.14d8: CreationTime: 2016-03-27T21:48:40.921875000Z
217b44.14d8: LastWriteTime: 2016-02-11T18:41:37.445000000Z
218b44.14d8: ChangeTime: 2016-10-08T02:27:10.819118500Z
219b44.14d8: FileAttributes: 0x20
220b44.14d8: Size: 0x1a00
221b44.14d8: NT Headers: 0xc0
222b44.14d8: Timestamp: 0x56bcd628
223b44.14d8: Machine: 0x8664 - amd64
224b44.14d8: Timestamp: 0x56bcd628
225b44.14d8: Image Version: 6.1
226b44.14d8: SizeOfImage: 0x50000 (327680)
227b44.14d8: Resource Dir: 0x30000 LB 0x3f8
228b44.14d8: ProductName: Microsoft® Windows® Operating System
229b44.14d8: ProductVersion: 6.1.7601.19160
230b44.14d8: FileVersion: 6.1.7601.19160 (win7sp1_gdr.160211-0600)
231b44.14d8: FileDescription: ApiSet Schema DLL
232b44.14d8: supR3HardenedWinFindAdversaries: 0x0
233b44.14d8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
234b44.14d8: Calling main()
235b44.14d8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
236b44.14d8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
237b44.14d8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
238b44.14d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
239b44.14d8: SUPR3HardenedMain: Respawn #2
240b44.14d8: supR3HardNtEnableThreadCreation:
241b44.14d8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
242b44.14d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
243b44.14d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
244b44.14d8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
245b44.14d8: supR3HardenedDllNotificationCallback: load 000007fefd460000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
246b44.14d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
247b44.14d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd460000 'C:\Windows\system32\apphelp.dll'
248b44.14d8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000778cb170 pvNtTerminateThread=00000000778ed8e0
249b44.14d8: supR3HardenedWinDoReSpawn(2): New child d44.1dc [kernel32].
250b44.14d8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdc000 cbPeb=0x380
251b44.14d8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000778a0000 uNtDllChildAddr=00000000778a0000
252b44.14d8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000778cb170
253b44.14d8: supR3HardenedWinSetupChildInit: Start child.
254b44.14d8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
255b44.14d8: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
256b44.14d8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
257b44.14d8: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
258b44.14d8: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
259b44.14d8: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
260b44.14d8: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
261b44.14d8: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
262b44.14d8: 0000000000041000-fffffffffff61fff 0x0001/0x0000 0x0000000
263b44.14d8: *0000000000120000-0000000000023fff 0x0000/0x0004 0x0020000
264b44.14d8: 000000000021c000-0000000000219fff 0x0104/0x0004 0x0020000
265b44.14d8: 000000000021e000-000000000021bfff 0x0004/0x0004 0x0020000
266b44.14d8: 0000000000220000-ffffffff88b9ffff 0x0001/0x0000 0x0000000
267b44.14d8: *00000000778a0000-00000000778a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
268b44.14d8: 00000000778a1000-000000007799ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
269b44.14d8: 00000000779a0000-00000000779cefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
270b44.14d8: 00000000779cf000-00000000779d6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
271b44.14d8: 00000000779d7000-00000000779d7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
272b44.14d8: 00000000779d8000-00000000779dafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
273b44.14d8: 00000000779db000-0000000077a49fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
274b44.14d8: 0000000077a4a000-00000000704b3fff 0x0001/0x0000 0x0000000
275b44.14d8: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
276b44.14d8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
277b44.14d8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
278b44.14d8: 000000007fff0000-ffffffffc0fbffff 0x0001/0x0000 0x0000000
279b44.14d8: *000000013f020000-000000013f020fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
280b44.14d8: 000000013f021000-000000013f08ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
281b44.14d8: 000000013f090000-000000013f090fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
282b44.14d8: 000000013f091000-000000013f0d5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
283b44.14d8: 000000013f0d6000-000000013f0d6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
284b44.14d8: 000000013f0d7000-000000013f0d7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
285b44.14d8: 000000013f0d8000-000000013f0dcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
286b44.14d8: 000000013f0dd000-000000013f0ddfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
287b44.14d8: 000000013f0de000-000000013f0defff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
288b44.14d8: 000000013f0df000-000000013f0e2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
289b44.14d8: 000000013f0e3000-000000013f12afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
290b44.14d8: 000000013f12b000-fffff8037e695fff 0x0001/0x0000 0x0000000
291b44.14d8: *000007feffbc0000-000007feffbc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
292b44.14d8: 000007feffbc1000-000007fdff7d1fff 0x0001/0x0000 0x0000000
293b44.14d8: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
294b44.14d8: 000007fffffd3000-000007fffffc9fff 0x0001/0x0000 0x0000000
295b44.14d8: *000007fffffdc000-000007fffffdafff 0x0004/0x0004 0x0020000
296b44.14d8: 000007fffffdd000-000007fffffdbfff 0x0001/0x0000 0x0000000
297b44.14d8: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
298b44.14d8: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
299b44.14d8: apisetschema.dll: timestamp 0x56bcd628 (rc=VINF_SUCCESS)
300b44.14d8: VirtualBox.exe: timestamp 0x57d6d53c (rc=VINF_SUCCESS)
301b44.14d8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
302b44.14d8: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
303b44.14d8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
304b44.14d8: supR3HardNtChildPurify: Done after 294 ms and 0 fixes (loop #0).
305d44.1dc: Log file opened: 5.1.6r110634 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
306d44.1dc: supR3HardenedVmProcessInit: uNtDllAddr=00000000778a0000 g_uNtVerCombined=0x611db100
307b44.14d8: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002f0000 LB 0x400000)
308b44.14d8: supR3HardNtEnableThreadCreation:
309d44.1dc: ntdll.dll: timestamp 0x56bcd74c (rc=VINF_SUCCESS)
310d44.1dc: New simple heap: #1 0000000000320000 LB 0x400000 (for 1744896 allocation)
311d44.1dc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
312d44.1dc: System32: \Device\HarddiskVolume2\Windows\System32
313d44.1dc: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
314d44.1dc: KnownDllPath: C:\Windows\system32
315d44.1dc: supR3HardenedVmProcessInit: Opening vboxdrv...
316d44.1dc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
317d44.1dc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
318d44.1dc: Registered Dll notification callback with NTDLL.
319d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
320d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
321d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
322d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
323d44.1dc: supR3HardenedDllNotificationCallback: load 0000000077680000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
324d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
325d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefd660000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
326d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
327d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
328d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077680000 'C:\Windows\system32\kernel32.dll'
329d44.1dc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000778cb170 pvNtTerminateThread=00000000778ed8e0
330b44.14d8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 39 ms.
331d44.1dc: \SystemRoot\System32\ntdll.dll:
332d44.1dc: CreationTime: 2016-03-27T21:48:45.859375000Z
333d44.1dc: LastWriteTime: 2016-02-11T18:52:52.157940400Z
334d44.1dc: ChangeTime: 2016-10-08T02:27:51.691190300Z
335d44.1dc: FileAttributes: 0x20
336d44.1dc: Size: 0x1a73d8
337d44.1dc: NT Headers: 0xe0
338d44.1dc: Timestamp: 0x56bcd74c
339d44.1dc: Machine: 0x8664 - amd64
340d44.1dc: Timestamp: 0x56bcd74c
341d44.1dc: Image Version: 6.1
342d44.1dc: SizeOfImage: 0x1aa000 (1744896)
343d44.1dc: Resource Dir: 0x14e000 LB 0x5a028
344d44.1dc: ProductName: Microsoft® Windows® Operating System
345d44.1dc: ProductVersion: 6.1.7601.19160
346d44.1dc: FileVersion: 6.1.7601.19160 (win7sp1_gdr.160211-0600)
347d44.1dc: FileDescription: NT Layer DLL
348d44.1dc: \SystemRoot\System32\kernel32.dll:
349d44.1dc: CreationTime: 2016-03-27T21:48:45.359375000Z
350d44.1dc: LastWriteTime: 2016-02-11T18:44:34.819000000Z
351d44.1dc: ChangeTime: 2016-10-08T02:27:30.521953100Z
352d44.1dc: FileAttributes: 0x20
353d44.1dc: Size: 0x11c000
354d44.1dc: NT Headers: 0xe8
355d44.1dc: Timestamp: 0x56bcd73b
356d44.1dc: Machine: 0x8664 - amd64
357d44.1dc: Timestamp: 0x56bcd73b
358d44.1dc: Image Version: 6.1
359d44.1dc: SizeOfImage: 0x11f000 (1175552)
360d44.1dc: Resource Dir: 0x116000 LB 0x528
361d44.1dc: ProductName: Microsoft® Windows® Operating System
362d44.1dc: ProductVersion: 6.1.7601.19160
363d44.1dc: FileVersion: 6.1.7601.19160 (win7sp1_gdr.160211-0600)
364d44.1dc: FileDescription: Windows NT BASE API Client DLL
365d44.1dc: \SystemRoot\System32\KernelBase.dll:
366d44.1dc: CreationTime: 2016-03-27T21:48:45.296875000Z
367d44.1dc: LastWriteTime: 2016-02-11T18:44:34.850000000Z
368d44.1dc: ChangeTime: 2016-10-08T02:27:30.537553100Z
369d44.1dc: FileAttributes: 0x20
370d44.1dc: Size: 0x67200
371d44.1dc: NT Headers: 0xe8
372d44.1dc: Timestamp: 0x56bcd73c
373d44.1dc: Machine: 0x8664 - amd64
374d44.1dc: Timestamp: 0x56bcd73c
375d44.1dc: Image Version: 6.1
376d44.1dc: SizeOfImage: 0x6b000 (438272)
377d44.1dc: Resource Dir: 0x69000 LB 0x530
378d44.1dc: ProductName: Microsoft® Windows® Operating System
379d44.1dc: ProductVersion: 6.1.7601.19160
380d44.1dc: FileVersion: 6.1.7601.19160 (win7sp1_gdr.160211-0600)
381d44.1dc: FileDescription: Windows NT BASE API Client DLL
382d44.1dc: \SystemRoot\System32\apisetschema.dll:
383d44.1dc: CreationTime: 2016-03-27T21:48:40.921875000Z
384d44.1dc: LastWriteTime: 2016-02-11T18:41:37.445000000Z
385d44.1dc: ChangeTime: 2016-10-08T02:27:10.819118500Z
386d44.1dc: FileAttributes: 0x20
387d44.1dc: Size: 0x1a00
388d44.1dc: NT Headers: 0xc0
389d44.1dc: Timestamp: 0x56bcd628
390d44.1dc: Machine: 0x8664 - amd64
391d44.1dc: Timestamp: 0x56bcd628
392d44.1dc: Image Version: 6.1
393d44.1dc: SizeOfImage: 0x50000 (327680)
394d44.1dc: Resource Dir: 0x30000 LB 0x3f8
395d44.1dc: ProductName: Microsoft® Windows® Operating System
396d44.1dc: ProductVersion: 6.1.7601.19160
397d44.1dc: FileVersion: 6.1.7601.19160 (win7sp1_gdr.160211-0600)
398d44.1dc: FileDescription: ApiSet Schema DLL
399d44.1dc: supR3HardenedWinFindAdversaries: 0x0
400d44.1dc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
401d44.1dc: Calling main()
402d44.1dc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
403d44.1dc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
404d44.1dc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
405d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
406d44.1dc: SUPR3HardenedMain: Final process, opening VBoxDrv...
407d44.1dc: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000320000 LB 0x400000)
408d44.1dc: supR3HardNtEnableThreadCreation:
409d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
410d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
411d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021b661:<flags> [calling]
412d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
413d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefa430000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
414d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
415d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
416d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000218de1:<flags> [calling]
417d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa430000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
418d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
419d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000218de1:<flags> [calling]
420d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa430000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
421d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa430000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
422d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
423d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
424d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
425d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
426d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
427d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
428d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
429d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
430d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
431d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
432d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
433d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
434d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
435d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
436d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
437d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
438d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
439d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
440d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
441d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
442d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
443d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
444d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
445d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
446d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
447d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
448d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
449d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
450d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
451d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
452d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021d471:<flags> [calling]
453d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
454d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefd870000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
455d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
456d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefdae0000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
457d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
458d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefd6d0000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
459d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
460d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefd620000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
461d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
462d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefdc80000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
463d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
464d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd870000 'C:\Windows\system32\Wintrust.dll'
465d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
466d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
467d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021d471:<flags> [calling]
468d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
469d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefcfb0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
470d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
471d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfb0000 'C:\Windows\system32\bcrypt.dll'
472d44.1dc: bcrypt.dll loaded at 000007fefcfb0000, BCryptOpenAlgorithmProvider at 000007fefcfb2640, preloading providers:
473d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
474d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
475d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
476d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
477d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
478d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
479d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
480d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
481d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
482d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
483d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
484d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
485d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
486d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
487d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
488d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
489d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
490d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
491d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
492d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021d461:<flags> [calling]
493d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
494d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefcaa0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
495d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
496d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefe7b0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
497d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
498d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
499d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
500d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
501d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
502d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefed80000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
503d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
504d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcaa0000 'C:\Windows\system32\bcryptprimitives.dll'
505d44.1dc: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000008ab740)
506d44.1dc: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000008ad700)
507d44.1dc: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000008ad820)
508d44.1dc: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000008ada30)
509d44.1dc: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000008adb50)
510d44.1dc: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000008adc70)
511d44.1dc: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000008adeb0)
512d44.1dc: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000008adfd0)
513d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
514d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
515d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
516d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
517d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
518d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
519d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
520d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
521d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021cfc1:<flags> [calling]
522d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
523d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefce60000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
524d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
525d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce60000 'C:\Windows\system32\CRYPTSP.dll'
526d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
527d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
528d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
529d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
530d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
531d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
532d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021cf51:<flags> [calling]
533d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
534d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefcb60000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
535d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
536d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb60000 'C:\Windows\system32\rsaenh.dll'
537d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
538d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021c7e1:<flags> [calling]
539d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7b0000 'C:\Windows\system32\ADVAPI32.dll'
540d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
541d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
542d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021cb61:<flags> [calling]
543d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
544d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefd4c0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
545d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
546d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4c0000 'C:\Windows\system32\CRYPTBASE.dll'
547d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
548d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021c591:<flags> [calling]
549d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077680000 'C:\Windows\system32\kernel32.dll'
550d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
551d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021cf21:<flags> [calling]
552d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd870000 'C:\Windows\system32\WINTRUST.DLL'
553d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
554d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000021cd51:<flags> [calling]
555d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6d0000 'C:\Windows\system32\CRYPT32.dll'
556d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
557d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
558d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
559d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
560d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
561d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
562d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
563d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
564d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
565d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
566d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021cda1:<flags> [calling]
567d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
568d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefd9e0000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
569d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
570d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9e0000 'C:\Windows\system32\imagehlp.dll'
571d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
572d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021cef1:<flags> [calling]
573d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce60000 'C:\Windows\system32\CRYPTSP.dll'
574d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
575d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
576d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
577d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
578d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
579d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
580d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
581d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
582d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
583d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
584d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
585d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
586d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
587d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
588d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
589d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
590d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
591d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
592d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
593d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
594d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
595d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
596d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
597d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
598d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
599d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
600d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
601d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
602d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
603d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
604d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
605d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
606d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
607d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
608d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
609d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
610d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
611d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
612d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
613d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
614d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
615d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021ca21:<flags> [calling]
616d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
617d44.1dc: supR3HardenedDllNotificationCallback: load 00000000777a0000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
618d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
619d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefddb0000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
620d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
621d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefdf30000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
622d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
623d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefe210000 LB 0x000ca000 C:\Windows\system32\USP10.dll [fFlags=0x0]
624d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
625d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
626d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021bf21:<flags> [calling]
627d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefddb0000 'C:\Windows\system32\gdi32.dll'
628d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
629d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
630d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
631d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
632d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
633d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
634d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
635d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
636d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
637d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
638d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
639d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
640d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
641d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
642d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
643d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
644d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
645d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
646d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
647d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
648d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
649d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
650d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
651d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
652d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
653d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
654d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
655d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
656d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
657d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
658d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
659d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021b861:<flags> [calling]
660d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
661d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefe890000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
662d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
663d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefde20000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
664d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
665d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe890000 'C:\Windows\system32\IMM32.DLL'
666d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000777a0000 'C:\Windows\system32\USER32.dll'
667d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
668d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
669d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
670d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
671d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
672d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
673d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
674d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
675d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
676d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
677d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
678d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
679d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
680d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
681d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021cd21:<flags> [calling]
682d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
683d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefcfe0000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
684d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
685d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfe0000 'C:\Windows\system32\ncrypt.dll'
686d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
687d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021cb11:<flags> [calling]
688d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfb0000 'C:\Windows\system32\bcrypt.dll'
689d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
690d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
691d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
692d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
693d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
694d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
695d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
696d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
697d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
698d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
699d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
700d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
701d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
702d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
703d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
704d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
705d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
706d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
707d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
708d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021c4d1:<flags> [calling]
709d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
710d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefd840000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
711d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
712d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefd630000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
713d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
714d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd840000 'C:\Windows\system32\USERENV.dll'
715d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000021c231:<flags> [calling]
716d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
717d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000021c5c1:<flags> [calling]
718d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
719d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
720d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
721d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
722d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
723d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
724d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
725d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
726d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
727d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
728d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
729d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021c7f1:<flags> [calling]
730d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
731d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefc8e0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
732d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
733d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc8e0000 'C:\Windows\system32\GPAPI.dll'
734d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000021c741:<flags> [calling]
735d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed80000 'API-MS-WIN-Service-Management-L1-1-0.dll'
736d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
737d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021be41:<flags> [calling]
738d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'C:\Windows\system32\rpcrt4.dll'
739d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000021c721:<flags> [calling]
740d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed80000 'API-MS-WIN-Service-Management-L2-1-0.dll'
741d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000021c731:<flags> [calling]
742d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
743d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
744d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
745d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
746d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
747d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
748d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
749d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
750d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
751d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
752d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
753d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
754d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
755d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
756d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
757d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
758d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
759d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
760d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
761d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
762d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
763d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
764d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
765d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
766d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021c211:<flags> [calling]
767d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
768d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefa1b0000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
769d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
770d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefdb80000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
771d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
772d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
773d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000021b441:<flags> [calling]
774d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
775d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
776d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000021b441:<flags> [calling]
777d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
778d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
779d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000021b441:<flags> [calling]
780d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
781d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
782d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000021b441:<flags> [calling]
783d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
784d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
785d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000021b441:<flags> [calling]
786d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
787d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
788d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000021b441:<flags> [calling]
789d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
790d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
791d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
792d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
793d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
794d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
795d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
796d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
797d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
798d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
799d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
800d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
801d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
802d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
803d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000021bba1:<flags> [calling]
804d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
805d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
806d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021bba1:<flags> [calling]
807d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd630000 'C:\Windows\system32\profapi.dll'
808d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
809d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
810d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
811d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
812d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
813d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
814d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
815d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
816d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
817d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
818d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
819d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
820d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
821d44.1dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
822d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021b641:<flags> [calling]
823d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
824d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefe5a0000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
825d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
826d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5a0000 'C:\Windows\system32\SHLWAPI.dll'
827d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
828d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000008be4a0
829d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
830d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B93352A864E36C57D7F3E56EDF5A6E93089B12C0
831d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000021c4e1:<flags> [calling]
832d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
833d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000021c041:<flags> [calling]
834d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed80000 'API-MS-WIN-Service-Management-L1-1-0.dll'
835d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000021c041:<flags> [calling]
836d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed80000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
837d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
838d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021c4e1:<flags> [calling]
839d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7b0000 'C:\Windows\system32\ADVAPI32.dll'
840d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000021c491:<flags> [calling]
841d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed80000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
842d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000021c181:<flags> [calling]
843d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed80000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
844d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3140410~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
845d44.1dc: g_pfnWinVerifyTrust=000007fefd871010
846d44.1dc: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
847d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
848d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
849d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
850d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B757256DD06374F77FF8DC61E1FEC0E93F3DF2F3
851d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_192_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
852d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
853d44.1dc: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
854d44.1dc: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
855d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
856d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
857d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
858d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E9D66460DAFA96F2CF96829A002753DECB7ED7CF
859d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
860d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
861d44.1dc: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
862d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b8 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
863d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
864d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
865d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
866d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
867d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
868d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
869d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b0 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
870d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
871d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
872d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
873d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
874d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
875d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
876d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003ac pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
877d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
878d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
879d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2545617940C2A353D1E2B307B3C55DF27B1EEBE9
880d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
881d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
882d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
883d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000268 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
884d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
885d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
886d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
887d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
888d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
889d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
890d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d4 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
891d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
892d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
893d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
894d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
895d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
896d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
897d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d0 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
898d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
899d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
900d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
901d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
902d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
903d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
904d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001bc pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
905d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
906d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
907d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFE791ACA79409F3E88785B70223E98BC6C0A768
908d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3140410~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
909d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
910d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
911d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
912d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
913d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
914d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
915d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
916d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
917d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
918d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a0 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
919d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
920d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
921d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
922d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
923d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
924d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
925d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000019c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
926d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
927d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
928d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31498ABFB06219E83141E0AA8B2A55C4CECFD033
929d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3108670~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
930d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
931d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
932d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
933d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
934d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
935d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCB0DC67293B86DEC2E849DF18F94623D95746BD
936d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3140735~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
937d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
938d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
939d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
940d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
941d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
942d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E200CE23C0ADD95195EBA5616D50363CEA00DB25
943d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3124001~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
944d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
945d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
946d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
947d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
948d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
949d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=94AFB7B548C6C2376C6AEE4ECE2FA09C90F5FD4B
950d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB3109094~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
951d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
952d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
953d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
954d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
955d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
956d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
957d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
958d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
959d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
960d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
961d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
962d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
963d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E97EEDA6F6745D8A75BAAA8FA5517660C966AAAC
964d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3140410~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
965d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
966d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
967d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
968d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
969d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
970d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
971d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
972d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
973d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
974d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
975d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
976d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
977d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
978d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
979d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
980d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
981d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
982d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
983d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
984d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
985d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D6B83235B72462E4EF58057E9BE2D9E7E643D9E
986d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_150_for_KB3140410~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
987d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
988d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
989d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
990d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
991d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
992d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
993d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
994d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
995d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
996d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
997d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
998d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
999d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1000d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1001d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1002d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1003d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1004d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1005d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1006d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1007d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1008d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1009d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1010d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1011d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1012d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1013d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1014d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2A1F2AB99C8BCE91AC7C8E5DDE94CE0E48CC6A77
1015d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3140410~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1016d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1017d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1018d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1019d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1020d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1021d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1022d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0C6CB5558C3BD25E3B08E09F9AF39037EBAC708F
1023d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3140410~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1024d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1025d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1026d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1027d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1028d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1029d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6634EBBF0E13B98565FD264F3F8D0A8C699CAF28
1030d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3140410~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1031d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1032d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1033d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1034d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021bf91:<flags> [calling]
1035d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6d0000 'C:\Windows\system32\crypt32.dll'
1036d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x2d281fd08c6e8eb3 CN=WZT
1037d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1038d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1039d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1040d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1041d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1042d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1043d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1044d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1045d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1046d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1047d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1048d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1049d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1050d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1051d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1052d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1053d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1054d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1055d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1056d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1057d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1058d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1059d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1060d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1061d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1062d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1063d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1064d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1065d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1066d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1067d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1068d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1069d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1070d44.1dc: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1071d44.1dc: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=35
1072d44.1dc: SUPR3HardenedMain: Load Runtime...
1073d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1074d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1075d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1076d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1077d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1078d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1079d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1080d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1081d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1082d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1083d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1084d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000454 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1085d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1086d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1087d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1088d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1089d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1090d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1091d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1092d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1093d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1094d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1095d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1096d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1097d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1098d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1099d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1100d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1101d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1102d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1103d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1104d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1105d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1106d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1107d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1108d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1109d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000440 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1110d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1111d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1112d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1113d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1114d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1115d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
1116d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1117d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1118d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1119d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1120d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1121d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1122d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1123d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021c2b1:<flags> [calling]
1124d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1125d44.1dc: supR3HardenedDllNotificationCallback: load 000007feecc90000 LB 0x0051f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1126d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1127d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1128d44.1dc: supR3HardenedDllNotificationCallback: load 000000005ff20000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1129d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1130d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1131d44.1dc: supR3HardenedDllNotificationCallback: load 00000000682d0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1132d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1133d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefeb50000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1134d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1135d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefe380000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1136d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1137d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1138d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002199f1:<flags> [calling]
1139d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1140d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1141d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002199f1:<flags> [calling]
1142d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1143d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1144d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002199f1:<flags> [calling]
1145d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1146d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1147d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002199f1:<flags> [calling]
1148d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1149d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1150d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002199f1:<flags> [calling]
1151d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1152d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1153d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002199f1:<flags> [calling]
1154d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1155d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1156d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1157d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1158d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1159d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1160d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1161d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1162d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1163d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002199f1:<flags> [calling]
1164d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1165d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1166d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1167d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1168d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1169d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1170d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1171d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1172d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1173d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1174d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1175d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1176d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1177d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1178d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1179d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1180d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1181d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002199f1:<flags> [calling]
1182d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1183d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1184d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1185d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecc90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1186d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1187d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021de11:<flags> [calling]
1188d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd870000 'C:\Windows\system32\Wintrust.dll'
1189d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1190d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021c971:<flags> [calling]
1191d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6d0000 'C:\Windows\system32\crypt32.dll'
1192d44.1dc: SUPR3HardenedMain: Load TrustedMain...
1193d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1194d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1195d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1196d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1197d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1198d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
1199d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
1200d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
1201d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1202d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1203d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1204d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1205d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1206d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1207d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1208d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1209d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1210d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1211d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1212d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1213d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1214d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1215d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1216d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1217d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1218d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1219d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1220d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1221d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1222d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1223d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1224d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1225d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1226d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1227d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C3BC5EE6972BF0BFEF4A099CB82428B9B682CAD7
1228d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3139940~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1229d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1230d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1231d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1232d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1233d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1234d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1235d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
1236d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1237d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1238d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1239d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1240d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1241d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1242d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DE77ABAC364F51C94584A3AF7DD90656C74CFAB9
1243d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3126593~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1244d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1245d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1246d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1247d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1248d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1249d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
1250d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1251d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1252d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1253d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1254d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1255d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1256d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB4A0D952E568C1E85DCE662F9A066FFB2E6CE84
1257d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3080446~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1258d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1259d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1260d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1261d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1262d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1263d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1264d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1265d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1266d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1267d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1268d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1269d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1270d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1271d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1272d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1273d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1274d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1275d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1276d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1277d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1278d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1279d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1280d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1281d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1282d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1283d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1284d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1285d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1286d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1287d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1288d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1289d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1290d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1291d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1292d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1293d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1294d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1295d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1296d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1297d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1298d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
1299d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1300d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1301d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1302d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1303d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1304d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1305d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1306d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp100.dll'.
1307d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1308d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
1309d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1310d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1311d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1312d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1313d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1314d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1315d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1316d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1317d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1318d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1319d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1320d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
1321d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1322d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1323d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1324d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1325d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1326d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1327d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1328d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1329d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1330d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1331d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1332d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1333d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1334d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1335d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1336d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1337d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1338d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1339d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1340d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1341d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1342d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1343d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1344d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
1345d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1346d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1347d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1348d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1349d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1350d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1351d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1352d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1353d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1354d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1355d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1356d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1357d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1358d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1359d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1360d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1361d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1362d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
1363d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1364d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1365d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1366d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1367d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1368d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1369d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1370d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1371d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1372d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1373d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1374d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1375d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
1376d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1377d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1378d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1379d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1380d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1381d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1382d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1383d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1384d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1385d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1386d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1387d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1388d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1389d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1390d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1391d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1392d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1393d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000500 pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
1394d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1395d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1396d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
1397d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
1398d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1399d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
1400d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
1401d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1402d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1403d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1404d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1405d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1406d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1407d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1408d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1409d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1410d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1411d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1412d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1413d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1414d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1415d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1416d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1417d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1418d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1419d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1420d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1421d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1422d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1423d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1424d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1425d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1426d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1427d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1428d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1429d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1430d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1431d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1432d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1433d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1434d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1435d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1436d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1437d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1438d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1439d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1440d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1441d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1442d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1443d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1444d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1445d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1446d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1447d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1448d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1449d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1450d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1451d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1452d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1453d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1454d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1455d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1456d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1457d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1458d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1459d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1460d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1461d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1462d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1463d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1464d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
1465d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1466d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1467d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1468d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000510 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1469d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1470d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1471d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1472d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1473d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1474d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1475d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1476d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1477d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
1478d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1479d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1480d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1481d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1482d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1483d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1484d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1485d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1486d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1487d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1488d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1489d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1490d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1491d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1492d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1493d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1494d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1495d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1496d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1497d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1498d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1499d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1500d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1501d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1502d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1503d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1504d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1505d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1506d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1507d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1508d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1509d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1510d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1511d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1512d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1513d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1514d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1515d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1516d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1517d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1518d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1519d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1520d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1521d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1522d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1523d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1524d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1525d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1526d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1527d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1528d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1529d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1530d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1531d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1532d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1533d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1534d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1535d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1536d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1537d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1538d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1539d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1540d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1541d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1542d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1543d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1544d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1545d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1546d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1547d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000504 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1548d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1549d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1550d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
1551d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1552d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1553d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1554d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1555d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1556d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
1557d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1558d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1559d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1560d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1561d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1562d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1563d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1564d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1565d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1566d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1567d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1568d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1569d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1570d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1571d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1572d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1573d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1574d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1575d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1576d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1577d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000518 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1578d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1579d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1580d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
1581d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1582d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1583d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1584d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1585d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1586d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
1587d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1588d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1589d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1590d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000520 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1591d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1592d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1593d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1594d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1595d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1596d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
1597d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
1598d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1599d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1600d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1601d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1602d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
1603d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
1604d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1605d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1606d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1607d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1608d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1609d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ec pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1610d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1611d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1612d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B836812C25D9B41A17EC3FB9DFD521994AD2302
1613d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3140735~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1614d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1615d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1616d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1617d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1618d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
1619d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1620d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1621d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1622d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1623d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1624d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1625d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1626d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1627d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1628d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1629d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1630d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1631d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1632d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000052c pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1633d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1634d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1635d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1636d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1637d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1638d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1639d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
1640d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
1641d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
1642d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1643d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1644d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1645d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1646d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1647d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1648d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1649d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1650d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1651d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1652d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1653d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1654d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1655d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000534 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1656d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1657d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1658d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1659d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1660d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1661d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1662d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1663d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1664d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
1665d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1666d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1667d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1668d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1669d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1670d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1671d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1672d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1673d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1674d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1675d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1676d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1677d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1678d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1679d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1680d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1681d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1682d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1683d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1684d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1685d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1686d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1687d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1688d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1689d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021c2c1:<flags> [calling]
1690d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1691d44.1dc: supR3HardenedDllNotificationCallback: load 000007fedb740000 LB 0x008e3000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1692d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1693d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1694d44.1dc: supR3HardenedDllNotificationCallback: load 000007fef1e60000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1695d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1696d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1697d44.1dc: supR3HardenedDllNotificationCallback: load 000007fef5b70000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1698d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1699d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1700d44.1dc: supR3HardenedDllNotificationCallback: load 000007fef25c0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1701d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1702d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1703d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefa4f0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
1704d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1705d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefeba0000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
1706d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1707d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefd8d0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1708d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1709d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x000d8000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1710d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1711d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefe390000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1712d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1713d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefd640000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1714d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1715d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1716d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefa810000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1717d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1718d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1719d44.1dc: supR3HardenedDllNotificationCallback: load 000000005dde0000 LB 0x00553000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1720d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1721d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefee20000 LB 0x00d89000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1722d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1723d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
1724d44.1dc: supR3HardenedDllNotificationCallback: load 000007fef94d0000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
1725d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
1726d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1727d44.1dc: supR3HardenedDllNotificationCallback: load 000007fedf190000 LB 0x005a1000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1728d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1729d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1730d44.1dc: supR3HardenedDllNotificationCallback: load 000000005d170000 LB 0x0054f000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1731d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1732d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1733d44.1dc: supR3HardenedDllNotificationCallback: load 000007fef3c90000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
1734d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1735d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1736d44.1dc: supR3HardenedDllNotificationCallback: load 000007fef9340000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
1737d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1738d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefdbe0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
1739d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1740d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1741d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1742d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1743d44.1dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
1744d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
1745d44.1dc: supR3HardenedDllNotificationCallback: load 000007fef35a0000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
1746d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
1747d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1748d44.1dc: supR3HardenedDllNotificationCallback: load 0000000063a40000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1749d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1750d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1751d44.1dc: supR3HardenedDllNotificationCallback: load 000007fef8dd0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
1752d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1753d44.1dc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
1754d44.1dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
1755d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1756d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1757d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1758d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1759d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1760d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1761d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1762d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021b891:<flags> [calling]
1763d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe890000 'C:\Windows\system32\imm32.dll'
1764d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7b0000 'C:\Windows\system32\ADVAPI32.DLL'
1765d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1766d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1767d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4c0000 'C:\Windows\system32\cryptbase.dll'
1768d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb740000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1769d44.1dc: SUPR3HardenedMain: Calling TrustedMain (000007fedb741610)...
1770d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1771d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021de51:<flags> [calling]
1772d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe390000 'C:\Windows\system32\ole32.dll'
1773d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7b0000 'C:\Windows\system32\ADVAPI32.dll'
1774d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1775d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021e671:<flags> [calling]
1776d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee20000 'C:\Windows\system32\shell32.dll'
1777d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1778d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'imm32.dll'.
1779d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'winmm.dll'.
1780d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
1781d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1782d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1783d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1784d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1785d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
1786d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
1787d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
1788d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
1789d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1790d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1791d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1792d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1793d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1794d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1795d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1796d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1797d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1798d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1799d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1800d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1801d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1802d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1803d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1804d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1805d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1806d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1807d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1808d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1809d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1810d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1811d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1812d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1813d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1814d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1815d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1816d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1817d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1818d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1819d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021e801:<flags> [calling]
1820d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1821d44.1dc: supR3HardenedDllNotificationCallback: load 000007fef1d30000 LB 0x00127000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
1822d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1823d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1d30000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
1824d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1825d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021e731:<flags> [calling]
1826d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4c0000 'C:\Windows\system32\CRYPTBASE.dll'
1827d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000777a0000 'C:\Windows\system32\user32.dll'
1828d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1829d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021ea41:<flags> [calling]
1830d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee20000 'C:\Windows\system32\shell32.dll'
1831d44.1dc: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
1832d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021e921:<flags> [calling]
1833d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
1834d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1835d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021ee61:<flags> [calling]
1836d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8dd0000 'C:\Windows\system32\winmm.dll'
1837d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1838d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021ee61:<flags> [calling]
1839d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8dd0000 'C:\Windows\system32\winmm.dll'
1840d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1841d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021eeb1:<flags> [calling]
1842d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee20000 'C:\Windows\system32\shell32.dll'
1843d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005c0 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1844d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1845d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1846d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
1847d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
1848d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1849d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1850d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1851d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1852d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
1853d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1854d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1855d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1856d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1857d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1858d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1859d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1860d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021ee81:<flags> [calling]
1861d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1862d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefabf0000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
1863d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1864d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefabf0000 'C:\Windows\system32\uxtheme.dll'
1865d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7b0000 'C:\Windows\system32\advapi32.dll'
1866d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
1867d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021ee01:<flags> [calling]
1868d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd840000 'C:\Windows\system32\userenv.dll'
1869d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1870d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021eee1:<flags> [calling]
1871d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077680000 'C:\Windows\system32\kernel32.dll'
1872d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005dc pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1873d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1874d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1875d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
1876d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
1877d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1878d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1879d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1880d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1881d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1882d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1883d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
1884d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
1885d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1886d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1887d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1888d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1889d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1890d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1891d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1892d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1893d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1894d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1895d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1896d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1897d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1898d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1899d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1900d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1901d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1902d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021bc61:<flags> [calling]
1903d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1904d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefe2e0000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
1905d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1906d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe2e0000 'C:\Windows\system32\CLBCatQ.DLL'
1907d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7b0000 'C:\Windows\system32\ADVAPI32.dll'
1908d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1909d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021aa51:<flags> [calling]
1910d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce60000 'C:\Windows\system32\CRYPTSP.dll'
1911d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000600 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1912d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
1913d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
1914d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
1915d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
1916d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1917d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
1918d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
1919d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1920d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1921d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1922d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000021a621:<flags> [calling]
1923d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1924d44.1dc: supR3HardenedDllNotificationCallback: load 000007fefd570000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
1925d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1926d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\Windows\system32\RpcRtRemote.dll'
1927d44.172c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1928d44.172c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1929d44.172c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1930d44.172c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1931d44.172c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
1932d44.172c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
1933d44.172c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
1934d44.172c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1935d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1936d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1937d44.172c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1938d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1939d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1940d44.172c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1941d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1942d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1943d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1944d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1945d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1946d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1947d44.172c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1948d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1949d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1950d44.172c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000467e8c1:<flags> [calling]
1951d44.172c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1952d44.172c: supR3HardenedDllNotificationCallback: load 000007fedec90000 LB 0x004f5000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
1953d44.172c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1954d44.172c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedec90000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
1955d44.172c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1956d44.172c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1957d44.172c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1958d44.172c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
1959d44.172c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
1960d44.172c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
1961d44.172c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1962d44.172c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
1963d44.172c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1964d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1965d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1966d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1967d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1968d44.172c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1969d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1970d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1971d44.172c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1972d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1973d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1974d44.172c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1975d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1976d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1977d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1978d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1979d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1980d44.172c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1981d44.172c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000467d3e1:<flags> [calling]
1982d44.172c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1983d44.172c: supR3HardenedDllNotificationCallback: load 000007fef1c70000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
1984d44.172c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1985d44.172c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1c70000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
1986d44.172c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1987d44.172c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000467d261:<flags> [calling]
1988d44.172c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda00000 'C:\Windows\system32\oleaut32.dll'
1989d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7b0000 'C:\Windows\system32\ADVAPI32.dll'
1990d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefddb0000 'C:\Windows\system32\gdi32.dll'
1991d44.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1992d44.7a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1993d44.7a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
1994d44.7a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
1995d44.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1996d44.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1997d44.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1998d44.7a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1999d44.7a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000420a021:<flags> [calling]
2000d44.7a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2001d44.7a8: supR3HardenedDllNotificationCallback: load 000007fef5bc0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
2002d44.7a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2003d44.7a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5bc0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL'
2004d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee20000 'C:\Windows\system32\shell32.dll'
2005d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe390000 'C:\Windows\system32\ole32.dll'
2006d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe390000 'C:\Windows\system32\ole32.dll'
2007d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2008d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000217e41:<flags> [calling]
2009d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda00000 'C:\Windows\system32\OLEAUT32.dll'
2010d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000968 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2011d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
2012d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
2013d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
2014d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
2015d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2016d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2017d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
2018d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2019d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2020d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2021d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
2022d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2023d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2024d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2025d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2026d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2027d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2028d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2029d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2030d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2031d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2032d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2033d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2034d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2035d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000096c pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2036d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
2037d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
2038d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
2039d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
2040d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2041d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2042d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
2043d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2044d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2045d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
2046d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
2047d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2048d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2049d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2050d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2051d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2052d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2053d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2054d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2055d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
2056d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2057d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2058d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2059d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2060d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2061d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2062d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000216761:<flags> [calling]
2063d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2064d44.1dc: supR3HardenedDllNotificationCallback: load 000007fef99b0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2065d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2066d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2067d44.1dc: supR3HardenedDllNotificationCallback: load 000007fef9b50000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
2068d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2069d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef99b0000 'C:\Windows\system32\wbem\wbemprox.dll'
2070d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000994 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2071d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
2072d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
2073d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
2074d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2075d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2076d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2077d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2078d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2079d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2080d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2081d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2082d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2083d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2084d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2085d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000216321:<flags> [calling]
2086d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2087d44.1dc: supR3HardenedDllNotificationCallback: load 000007fef97f0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2088d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2089d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97f0000 'C:\Windows\system32\wbem\wbemsvc.dll'
2090d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000998 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2091d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
2092d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
2093d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
2094d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2095d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2096d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2097d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
2098d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2099d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2100d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2101d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
2102d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2103d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2104d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
2105d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
2106d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000978 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2107d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
2108d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
2109d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
2110d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
2111d44.1dc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2112d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2113d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2114d44.1dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
2115d44.1dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
2116d44.1dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2117d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2118d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2119d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2120d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2121d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2122d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2123d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2124d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2125d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2126d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2127d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2128d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2129d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2130d44.1dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2131d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2132d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2133d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2134d44.1dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2135d44.1dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000216361:<flags> [calling]
2136d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2137d44.1dc: supR3HardenedDllNotificationCallback: load 000007fef99f0000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
2138d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2139d44.1dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2140d44.1dc: supR3HardenedDllNotificationCallback: load 000007fef99c0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
2141d44.1dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2142d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef99f0000 'C:\Windows\system32\wbem\fastprox.dll'
2143d44.1dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda00000 'C:\Windows\system32\OLEAUT32.dll'
2144d44.738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2145d44.738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2146d44.738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2147d44.738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2148d44.738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2149d44.738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2150d44.738: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2151d44.738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2152d44.738: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2153d44.738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2154d44.738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2155d44.738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2156d44.738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2157d44.738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2158d44.738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2159d44.738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2160d44.738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2161d44.738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2162d44.738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2163d44.738: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2164d44.738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2165d44.738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2166d44.738: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2167d44.738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000605e861:<flags> [calling]
2168d44.738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2169d44.738: supR3HardenedDllNotificationCallback: load 000007fedab40000 LB 0x0029a000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2170d44.738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2171d44.738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2172d44.738: supR3HardenedDllNotificationCallback: load 0000000055fa0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2173d44.738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2174d44.738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedab40000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2175d44.1b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2176d44.1b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2177d44.1b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2178d44.1b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2179d44.1b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2180d44.1b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2181d44.1b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2182d44.1b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2183d44.1b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2184d44.1b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2185d44.1b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2186d44.1b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2187d44.1b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2188d44.1b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2189d44.1b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2190d44.1b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000065adac1:<flags> [calling]
2191d44.1b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2192d44.1b4: supR3HardenedDllNotificationCallback: load 000007fefac90000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2193d44.1b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2194d44.1b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefac90000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2195d44.1b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000777a0000 'C:\Windows\system32\User32.dll'
2196d44.1238: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2197d44.1238: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2198d44.1238: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2199d44.1238: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2200d44.1238: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2201d44.1238: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2202d44.1238: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2203d44.1238: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2204d44.1238: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2205d44.1238: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2206d44.1238: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2207d44.1238: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2208d44.1238: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2209d44.1238: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006a3dc01:<flags> [calling]
2210d44.1238: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2211d44.1238: supR3HardenedDllNotificationCallback: load 000007fef67c0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2212d44.1238: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2213d44.1238: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef67c0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2214d44.1760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2215d44.1760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2216d44.1760: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2217d44.1760: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2218d44.1760: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2219d44.1760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2220d44.1760: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2221d44.1760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2222d44.1760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2223d44.1760: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2224d44.1760: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2225d44.1760: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2226d44.1760: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006c1dd91:<flags> [calling]
2227d44.1760: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2228d44.1760: supR3HardenedDllNotificationCallback: load 000007fefa440000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2229d44.1760: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2230d44.1760: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa440000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2231d44.1518: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2232d44.1518: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2233d44.1518: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2234d44.1518: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2235d44.1518: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2236d44.1518: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2237d44.1518: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2238d44.1518: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2239d44.1518: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2240d44.1518: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2241d44.1518: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2242d44.1518: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006e2dc01:<flags> [calling]
2243d44.1518: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2244d44.1518: supR3HardenedDllNotificationCallback: load 000007fef67b0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2245d44.1518: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2246d44.1518: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef67b0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2247d44.11ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee20000 'C:\Windows\system32\Shell32.dll'
2248d44.11ec: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000063e9331:<flags> [calling]
2249d44.11ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
2250d44.11ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
2251d44.11ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000063e9371:<flags> [calling]
2252d44.11ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd630000 'C:\Windows\system32\profapi.dll'
2253d44.11ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2254d44.11ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000063eb661:<flags> [calling]
2255d44.11ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedab40000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2256d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2257d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2258d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2259d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2260d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2261d44.11ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
2262d44.11ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2263d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2264d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2265d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2266d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2267d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2268d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2269d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2270d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2271d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2272d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2273d44.11ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000063ec811:<flags> [calling]
2274d44.11ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2275d44.11ec: supR3HardenedDllNotificationCallback: load 000007fef42a0000 LB 0x0002d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2276d44.11ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2277d44.11ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef42a0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2278d44.11ec: supR3HardenedDllNotificationCallback: Unload 000007fef42a0000 LB 0x0002d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2279d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2280d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2281d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2282d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2283d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2284d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2285d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2286d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2287d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2288d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2289d44.11ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2290d44.11ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2291d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2292d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2293d44.11ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bb4 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2294d44.11ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
2295d44.11ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
2296d44.11ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
2297d44.11ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
2298d44.11ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2299d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2300d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2301d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
2302d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
2303d44.11ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2304d44.11ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2305d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2306d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2307d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2308d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2309d44.11ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2310d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2311d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2312d44.11ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2313d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2314d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2315d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2316d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2317d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2318d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2319d44.11ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2320d44.11ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2321d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2322d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2323d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2324d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2325d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2326d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2327d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2328d44.11ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2329d44.11ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2330d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2331d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2332d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2333d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2334d44.11ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2335d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2336d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2337d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2338d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2339d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2340d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2341d44.11ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2342d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2343d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2344d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2345d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2346d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2347d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2348d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2349d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2350d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2351d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2352d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2353d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2354d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2355d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2356d44.11ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bc4 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
2357d44.11ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008be4a0
2358d44.11ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008be4a0
2359d44.11ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
2360d44.11ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
2361d44.11ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2362d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2363d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2364d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2365d44.11ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
2366d44.11ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2367d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2368d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2369d44.11ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2370d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2371d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2372d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2373d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2374d44.11ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2375d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2376d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2377d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2378d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2379d44.11ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000063ed801:<flags> [calling]
2380d44.11ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2381d44.11ec: supR3HardenedDllNotificationCallback: load 000007feda270000 LB 0x008c7000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2382d44.11ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2383d44.11ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2384d44.11ec: supR3HardenedDllNotificationCallback: load 000007fef1c10000 LB 0x00057000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2385d44.11ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2386d44.11ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2387d44.11ec: supR3HardenedDllNotificationCallback: load 000007fef1110000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2388d44.11ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2389d44.11ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2390d44.11ec: supR3HardenedDllNotificationCallback: load 000007fefbaa0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
2391d44.11ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2392d44.11ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2393d44.11ec: supR3HardenedDllNotificationCallback: load 000007fefba90000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
2394d44.11ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2395d44.11ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feda270000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
2396d44.11ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2397d44.11ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000063ed801:<flags> [calling]
2398d44.11ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2399d44.11ec: supR3HardenedDllNotificationCallback: load 000007fef42a0000 LB 0x0002d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2400d44.11ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2401d44.11ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef42a0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2402d44.11ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2403d44.11ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000063ed801:<flags> [calling]
2404d44.11ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedec90000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
2405d44.11ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2406d44.11ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000063ed711:<flags> [calling]
2407d44.11ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1110000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
2408d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2409d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2410d44.11ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
2411d44.11ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2412d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2413d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2414d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2415d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2416d44.11ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000063ed711:<flags> [calling]
2417d44.11ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2418d44.11ec: supR3HardenedDllNotificationCallback: load 000007fef5ba0000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
2419d44.11ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2420d44.11ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5ba0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
2421d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2422d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2423d44.11ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
2424d44.11ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2425d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2426d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2427d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2428d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2429d44.11ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000063ed711:<flags> [calling]
2430d44.11ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2431d44.11ec: supR3HardenedDllNotificationCallback: load 000007fef5b50000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
2432d44.11ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2433d44.11ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5b50000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
2434d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2435d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2436d44.11ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
2437d44.11ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2438d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2439d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2440d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2441d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2442d44.11ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000063ed711:<flags> [calling]
2443d44.11ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2444d44.11ec: supR3HardenedDllNotificationCallback: load 000007fef5b30000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
2445d44.11ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2446d44.11ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5b30000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
2447d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2448d44.11ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2449d44.11ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
2450d44.11ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2451d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2452d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2453d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2454d44.11ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2455d44.11ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000063ed711:<flags> [calling]
2456d44.11ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2457d44.11ec: supR3HardenedDllNotificationCallback: load 000007fef3cf0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
2458d44.11ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2459d44.11ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3cf0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
2460d44.fc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda00000 'C:\Windows\system32\OLEAUT32.dll'
2461d44.11ec: supR3HardenedDllNotificationCallback: Unload 000007fef3cf0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
2462d44.11ec: supR3HardenedDllNotificationCallback: Unload 000007fef5b30000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
2463d44.11ec: supR3HardenedDllNotificationCallback: Unload 000007fef5b50000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
2464d44.11ec: supR3HardenedDllNotificationCallback: Unload 000007fef5ba0000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
2465d44.11ec: supR3HardenedDllNotificationCallback: Unload 000007fef42a0000 LB 0x0002d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2466d44.11ec: supR3HardenedDllNotificationCallback: Unload 000007feda270000 LB 0x008c7000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
2467d44.11ec: supR3HardenedDllNotificationCallback: Unload 000007fefbaa0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [flags=0x0]
2468d44.11ec: supR3HardenedDllNotificationCallback: Unload 000007fefba90000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [flags=0x0]
2469d44.11ec: supR3HardenedDllNotificationCallback: Unload 000007fef1110000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
2470d44.11ec: supR3HardenedDllNotificationCallback: Unload 000007fef1c10000 LB 0x00057000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
2471d44.1518: supR3HardenedDllNotificationCallback: Unload 000007fef67b0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
2472d44.1760: supR3HardenedDllNotificationCallback: Unload 000007fefa440000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
2473d44.1238: supR3HardenedDllNotificationCallback: Unload 000007fef67c0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
2474d44.1b4: supR3HardenedDllNotificationCallback: Unload 000007fefac90000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
2475d44.7a8: supR3HardenedDllNotificationCallback: Unload 000007fef5bc0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [flags=0x0]
2476d44.1dc: supR3HardenedDllNotificationCallback: Unload 000007fef99f0000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
2477d44.1dc: supR3HardenedDllNotificationCallback: Unload 000007fef99c0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [flags=0x0]
2478d44.1dc: supR3HardenedDllNotificationCallback: Unload 000007fef97f0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
2479d44.1dc: supR3HardenedDllNotificationCallback: Unload 000007fef99b0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
2480d44.1dc: supR3HardenedDllNotificationCallback: Unload 000007fef9b50000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [flags=0x0]
2481d44.1dc: supR3HardenedDllNotificationCallback: Unload 000007fef1c70000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
2482d44.1dc: supR3HardenedDllNotificationCallback: Unload 000007fedec90000 LB 0x004f5000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
2483d44.1dc: Terminating the normal way: rcExit=0
2484b44.14d8: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 3410 ms, the end);
248513c4.1388: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 3766 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy