VirtualBox

Ticket #16613: VBoxHardening.2.log

File VBoxHardening.2.log, 210.8 KB (added by nickreserved, 7 years ago)

Windows 7 x64 client crash

Line 
1183c.1b64: Log file opened: 5.1.18r114002 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
2183c.1b64: \SystemRoot\System32\ntdll.dll:
3183c.1b64: CreationTime: 2016-10-13T16:13:10.665846300Z
4183c.1b64: LastWriteTime: 2016-09-09T18:23:54.494442200Z
5183c.1b64: ChangeTime: 2016-10-14T00:18:44.407207500Z
6183c.1b64: FileAttributes: 0x20
7183c.1b64: Size: 0x1a7100
8183c.1b64: NT Headers: 0xe0
9183c.1b64: Timestamp: 0x57d2fde1
10183c.1b64: Machine: 0x8664 - amd64
11183c.1b64: Timestamp: 0x57d2fde1
12183c.1b64: Image Version: 6.1
13183c.1b64: SizeOfImage: 0x1aa000 (1744896)
14183c.1b64: Resource Dir: 0x14e000 LB 0x5a028
15183c.1b64: ProductName: Microsoft® Windows® Operating System
16183c.1b64: ProductVersion: 6.1.7601.23543
17183c.1b64: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
18183c.1b64: FileDescription: NT Layer DLL
19183c.1b64: \SystemRoot\System32\kernel32.dll:
20183c.1b64: CreationTime: 2016-10-13T16:13:08.515843300Z
21183c.1b64: LastWriteTime: 2016-09-09T18:20:44.136000000Z
22183c.1b64: ChangeTime: 2016-10-14T00:18:44.563207700Z
23183c.1b64: FileAttributes: 0x20
24183c.1b64: Size: 0x11c000
25183c.1b64: NT Headers: 0xe0
26183c.1b64: Timestamp: 0x57d2fe26
27183c.1b64: Machine: 0x8664 - amd64
28183c.1b64: Timestamp: 0x57d2fe26
29183c.1b64: Image Version: 6.1
30183c.1b64: SizeOfImage: 0x11f000 (1175552)
31183c.1b64: Resource Dir: 0x116000 LB 0x528
32183c.1b64: ProductName: Microsoft® Windows® Operating System
33183c.1b64: ProductVersion: 6.1.7601.23543
34183c.1b64: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
35183c.1b64: FileDescription: Windows NT BASE API Client DLL
36183c.1b64: \SystemRoot\System32\KernelBase.dll:
37183c.1b64: CreationTime: 2016-10-13T16:13:08.105842700Z
38183c.1b64: LastWriteTime: 2016-09-09T18:20:44.151000000Z
39183c.1b64: ChangeTime: 2016-10-14T00:18:44.563207700Z
40183c.1b64: FileAttributes: 0x20
41183c.1b64: Size: 0x66800
42183c.1b64: NT Headers: 0xe8
43183c.1b64: Timestamp: 0x57d2fe27
44183c.1b64: Machine: 0x8664 - amd64
45183c.1b64: Timestamp: 0x57d2fe27
46183c.1b64: Image Version: 6.1
47183c.1b64: SizeOfImage: 0x6a000 (434176)
48183c.1b64: Resource Dir: 0x68000 LB 0x530
49183c.1b64: ProductName: Microsoft® Windows® Operating System
50183c.1b64: ProductVersion: 6.1.7601.23543
51183c.1b64: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
52183c.1b64: FileDescription: Windows NT BASE API Client DLL
53183c.1b64: \SystemRoot\System32\apisetschema.dll:
54183c.1b64: CreationTime: 2016-10-13T16:13:06.805840900Z
55183c.1b64: LastWriteTime: 2016-09-09T18:20:38.613000000Z
56183c.1b64: ChangeTime: 2016-10-14T00:18:44.407207500Z
57183c.1b64: FileAttributes: 0x20
58183c.1b64: Size: 0x1a00
59183c.1b64: NT Headers: 0xc0
60183c.1b64: Timestamp: 0x57d2fdbf
61183c.1b64: Machine: 0x8664 - amd64
62183c.1b64: Timestamp: 0x57d2fdbf
63183c.1b64: Image Version: 6.1
64183c.1b64: SizeOfImage: 0x50000 (327680)
65183c.1b64: Resource Dir: 0x30000 LB 0x3f8
66183c.1b64: ProductName: Microsoft® Windows® Operating System
67183c.1b64: ProductVersion: 6.1.7601.23543
68183c.1b64: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
69183c.1b64: FileDescription: ApiSet Schema DLL
70183c.1b64: Found driver NisDrv (0x400)
71183c.1b64: supR3HardenedWinFindAdversaries: 0x400
72183c.1b64: \SystemRoot\System32\drivers\MpFilter.sys:
73183c.1b64: CreationTime: 2016-08-25T07:46:12.000000000Z
74183c.1b64: LastWriteTime: 2016-08-25T07:46:12.000000000Z
75183c.1b64: ChangeTime: 2016-11-30T18:19:20.616000000Z
76183c.1b64: FileAttributes: 0x20
77183c.1b64: Size: 0x48058
78183c.1b64: NT Headers: 0xe8
79183c.1b64: Timestamp: 0x57a90f3d
80183c.1b64: Machine: 0x8664 - amd64
81183c.1b64: Timestamp: 0x57a90f3d
82183c.1b64: Image Version: 10.0
83183c.1b64: SizeOfImage: 0x48000 (294912)
84183c.1b64: Resource Dir: 0x45000 LB 0x1090
85183c.1b64: ProductName: Microsoft Malware Protection
86183c.1b64: ProductVersion: 4.10.0202.0
87183c.1b64: FileVersion: 4.10.0202.0
88183c.1b64: FileDescription: Microsoft antimalware file system filter driver
89183c.1b64: \SystemRoot\System32\drivers\NisDrvWFP.sys:
90183c.1b64: CreationTime: 2015-11-13T05:50:26.000000000Z
91183c.1b64: LastWriteTime: 2016-08-25T07:46:12.000000000Z
92183c.1b64: ChangeTime: 2016-11-30T18:19:20.577000000Z
93183c.1b64: FileAttributes: 0x20
94183c.1b64: Size: 0x212f8
95183c.1b64: NT Headers: 0xe8
96183c.1b64: Timestamp: 0x57a90f42
97183c.1b64: Machine: 0x8664 - amd64
98183c.1b64: Timestamp: 0x57a90f42
99183c.1b64: Image Version: 10.0
100183c.1b64: SizeOfImage: 0x20000 (131072)
101183c.1b64: Resource Dir: 0x1d000 LB 0x1b90
102183c.1b64: ProductName: Microsoft Malware Protection
103183c.1b64: ProductVersion: 4.10.0202.0
104183c.1b64: FileVersion: 4.10.0202.0
105183c.1b64: FileDescription: Microsoft Network Realtime Inspection Driver
106183c.1b64: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox'
107183c.1b64: Calling main()
108183c.1b64: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
109183c.1b64: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox'
110183c.1b64: SUPR3HardenedMain: Respawn #1
111183c.1b64: System32: \Device\HarddiskVolume2\Windows\System32
112183c.1b64: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
113183c.1b64: KnownDllPath: C:\Windows\system32
114183c.1b64: '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe' has no imports
115183c.1b64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe)
116183c.1b64: supR3HardNtEnableThreadCreation:
117183c.1b64: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007734a0e0 pvNtTerminateThread=000000007736c060
118183c.1b64: supR3HardenedWinDoReSpawn(1): New child 1590.17f0 [kernel32].
119183c.1b64: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd3000 cbPeb=0x380
120183c.1b64: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077320000 uNtDllChildAddr=0000000077320000
121183c.1b64: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007734a0e0
122183c.1b64: supR3HardenedWinSetupChildInit: Start child.
123183c.1b64: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
124183c.1b64: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
125183c.1b64: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
126183c.1b64: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
127183c.1b64: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
128183c.1b64: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
129183c.1b64: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
130183c.1b64: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
131183c.1b64: 0000000000041000-ffffffffffe81fff 0x0001/0x0000 0x0000000
132183c.1b64: *0000000000200000-0000000000103fff 0x0000/0x0004 0x0020000
133183c.1b64: 00000000002fc000-00000000002f9fff 0x0104/0x0004 0x0020000
134183c.1b64: 00000000002fe000-00000000002fbfff 0x0004/0x0004 0x0020000
135183c.1b64: 0000000000300000-ffffffff892dffff 0x0001/0x0000 0x0000000
136183c.1b64: *0000000077320000-0000000077320fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
137183c.1b64: 0000000077321000-000000007741dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
138183c.1b64: 000000007741e000-000000007744cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
139183c.1b64: 000000007744d000-0000000077456fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
140183c.1b64: 0000000077457000-0000000077457fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
141183c.1b64: 0000000077458000-000000007745afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
142183c.1b64: 000000007745b000-00000000774c9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
143183c.1b64: 00000000774ca000-000000006f9b3fff 0x0001/0x0000 0x0000000
144183c.1b64: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
145183c.1b64: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
146183c.1b64: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
147183c.1b64: 000000007fff0000-ffffffffc0e3ffff 0x0001/0x0000 0x0000000
148183c.1b64: *000000013f1a0000-000000013f1a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
149183c.1b64: 000000013f1a1000-000000013f20ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
150183c.1b64: 000000013f210000-000000013f210fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
151183c.1b64: 000000013f211000-000000013f255fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
152183c.1b64: 000000013f256000-000000013f256fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
153183c.1b64: 000000013f257000-000000013f257fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
154183c.1b64: 000000013f258000-000000013f25cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
155183c.1b64: 000000013f25d000-000000013f25dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
156183c.1b64: 000000013f25e000-000000013f25efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
157183c.1b64: 000000013f25f000-000000013f262fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
158183c.1b64: 000000013f263000-000000013f2aafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
159183c.1b64: 000000013f2ab000-fffff8037ef15fff 0x0001/0x0000 0x0000000
160183c.1b64: *000007feff640000-000007feff640fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
161183c.1b64: 000007feff641000-000007fdfecd1fff 0x0001/0x0000 0x0000000
162183c.1b64: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
163183c.1b64: *000007fffffd3000-000007fffffd1fff 0x0004/0x0004 0x0020000
164183c.1b64: 000007fffffd4000-000007fffffc9fff 0x0001/0x0000 0x0000000
165183c.1b64: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
166183c.1b64: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
167183c.1b64: apisetschema.dll: timestamp 0x57d2fdbf (rc=VINF_SUCCESS)
168183c.1b64: VirtualBox.exe: timestamp 0x58c95b24 (rc=VINF_SUCCESS)
169183c.1b64: '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe' has no imports
170183c.1b64: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
171183c.1b64: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
172183c.1b64: supR3HardNtChildPurify: Done after 578 ms and 0 fixes (loop #0).
1731590.17f0: Log file opened: 5.1.18r114002 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
1741590.17f0: supR3HardenedVmProcessInit: uNtDllAddr=0000000077320000 g_uNtVerCombined=0x611db100
175183c.1b64: supR3HardNtEnableThreadCreation:
1761590.17f0: ntdll.dll: timestamp 0x57d2fde1 (rc=VINF_SUCCESS)
1771590.17f0: New simple heap: #1 0000000000300000 LB 0x400000 (for 1744896 allocation)
1781590.17f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox'
1791590.17f0: System32: \Device\HarddiskVolume2\Windows\System32
1801590.17f0: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1811590.17f0: KnownDllPath: C:\Windows\system32
1821590.17f0: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1831590.17f0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1841590.17f0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1851590.17f0: Registered Dll notification callback with NTDLL.
1861590.17f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1871590.17f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1881590.17f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1891590.17f0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1901590.17f0: supR3HardenedDllNotificationCallback: load 0000000077200000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
1911590.17f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1921590.17f0: supR3HardenedDllNotificationCallback: load 000007fefd2c0000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1931590.17f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1941590.17f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1951590.17f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077200000 'C:\Windows\system32\kernel32.dll'
1961590.17f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007734a0e0 pvNtTerminateThread=000000007736c060
197183c.1b64: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 33 ms.
1981590.17f0: \SystemRoot\System32\ntdll.dll:
1991590.17f0: CreationTime: 2016-10-13T16:13:10.665846300Z
2001590.17f0: LastWriteTime: 2016-09-09T18:23:54.494442200Z
2011590.17f0: ChangeTime: 2016-10-14T00:18:44.407207500Z
2021590.17f0: FileAttributes: 0x20
2031590.17f0: Size: 0x1a7100
2041590.17f0: NT Headers: 0xe0
2051590.17f0: Timestamp: 0x57d2fde1
2061590.17f0: Machine: 0x8664 - amd64
2071590.17f0: Timestamp: 0x57d2fde1
2081590.17f0: Image Version: 6.1
2091590.17f0: SizeOfImage: 0x1aa000 (1744896)
2101590.17f0: Resource Dir: 0x14e000 LB 0x5a028
2111590.17f0: ProductName: Microsoft® Windows® Operating System
2121590.17f0: ProductVersion: 6.1.7601.23543
2131590.17f0: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
2141590.17f0: FileDescription: NT Layer DLL
2151590.17f0: \SystemRoot\System32\kernel32.dll:
2161590.17f0: CreationTime: 2016-10-13T16:13:08.515843300Z
2171590.17f0: LastWriteTime: 2016-09-09T18:20:44.136000000Z
2181590.17f0: ChangeTime: 2016-10-14T00:18:44.563207700Z
2191590.17f0: FileAttributes: 0x20
2201590.17f0: Size: 0x11c000
2211590.17f0: NT Headers: 0xe0
2221590.17f0: Timestamp: 0x57d2fe26
2231590.17f0: Machine: 0x8664 - amd64
2241590.17f0: Timestamp: 0x57d2fe26
2251590.17f0: Image Version: 6.1
2261590.17f0: SizeOfImage: 0x11f000 (1175552)
2271590.17f0: Resource Dir: 0x116000 LB 0x528
2281590.17f0: ProductName: Microsoft® Windows® Operating System
2291590.17f0: ProductVersion: 6.1.7601.23543
2301590.17f0: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
2311590.17f0: FileDescription: Windows NT BASE API Client DLL
2321590.17f0: \SystemRoot\System32\KernelBase.dll:
2331590.17f0: CreationTime: 2016-10-13T16:13:08.105842700Z
2341590.17f0: LastWriteTime: 2016-09-09T18:20:44.151000000Z
2351590.17f0: ChangeTime: 2016-10-14T00:18:44.563207700Z
2361590.17f0: FileAttributes: 0x20
2371590.17f0: Size: 0x66800
2381590.17f0: NT Headers: 0xe8
2391590.17f0: Timestamp: 0x57d2fe27
2401590.17f0: Machine: 0x8664 - amd64
2411590.17f0: Timestamp: 0x57d2fe27
2421590.17f0: Image Version: 6.1
2431590.17f0: SizeOfImage: 0x6a000 (434176)
2441590.17f0: Resource Dir: 0x68000 LB 0x530
2451590.17f0: ProductName: Microsoft® Windows® Operating System
2461590.17f0: ProductVersion: 6.1.7601.23543
2471590.17f0: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
2481590.17f0: FileDescription: Windows NT BASE API Client DLL
2491590.17f0: \SystemRoot\System32\apisetschema.dll:
2501590.17f0: CreationTime: 2016-10-13T16:13:06.805840900Z
2511590.17f0: LastWriteTime: 2016-09-09T18:20:38.613000000Z
2521590.17f0: ChangeTime: 2016-10-14T00:18:44.407207500Z
2531590.17f0: FileAttributes: 0x20
2541590.17f0: Size: 0x1a00
2551590.17f0: NT Headers: 0xc0
2561590.17f0: Timestamp: 0x57d2fdbf
2571590.17f0: Machine: 0x8664 - amd64
2581590.17f0: Timestamp: 0x57d2fdbf
2591590.17f0: Image Version: 6.1
2601590.17f0: SizeOfImage: 0x50000 (327680)
2611590.17f0: Resource Dir: 0x30000 LB 0x3f8
2621590.17f0: ProductName: Microsoft® Windows® Operating System
2631590.17f0: ProductVersion: 6.1.7601.23543
2641590.17f0: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
2651590.17f0: FileDescription: ApiSet Schema DLL
2661590.17f0: Found driver NisDrv (0x400)
2671590.17f0: supR3HardenedWinFindAdversaries: 0x400
2681590.17f0: \SystemRoot\System32\drivers\MpFilter.sys:
2691590.17f0: CreationTime: 2016-08-25T07:46:12.000000000Z
2701590.17f0: LastWriteTime: 2016-08-25T07:46:12.000000000Z
2711590.17f0: ChangeTime: 2016-11-30T18:19:20.616000000Z
2721590.17f0: FileAttributes: 0x20
2731590.17f0: Size: 0x48058
2741590.17f0: NT Headers: 0xe8
2751590.17f0: Timestamp: 0x57a90f3d
2761590.17f0: Machine: 0x8664 - amd64
2771590.17f0: Timestamp: 0x57a90f3d
2781590.17f0: Image Version: 10.0
2791590.17f0: SizeOfImage: 0x48000 (294912)
2801590.17f0: Resource Dir: 0x45000 LB 0x1090
2811590.17f0: ProductName: Microsoft Malware Protection
2821590.17f0: ProductVersion: 4.10.0202.0
2831590.17f0: FileVersion: 4.10.0202.0
2841590.17f0: FileDescription: Microsoft antimalware file system filter driver
2851590.17f0: \SystemRoot\System32\drivers\NisDrvWFP.sys:
2861590.17f0: CreationTime: 2015-11-13T05:50:26.000000000Z
2871590.17f0: LastWriteTime: 2016-08-25T07:46:12.000000000Z
2881590.17f0: ChangeTime: 2016-11-30T18:19:20.577000000Z
2891590.17f0: FileAttributes: 0x20
2901590.17f0: Size: 0x212f8
2911590.17f0: NT Headers: 0xe8
2921590.17f0: Timestamp: 0x57a90f42
2931590.17f0: Machine: 0x8664 - amd64
2941590.17f0: Timestamp: 0x57a90f42
2951590.17f0: Image Version: 10.0
2961590.17f0: SizeOfImage: 0x20000 (131072)
2971590.17f0: Resource Dir: 0x1d000 LB 0x1b90
2981590.17f0: ProductName: Microsoft Malware Protection
2991590.17f0: ProductVersion: 4.10.0202.0
3001590.17f0: FileVersion: 4.10.0202.0
3011590.17f0: FileDescription: Microsoft Network Realtime Inspection Driver
3021590.17f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox'
3031590.17f0: Calling main()
3041590.17f0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3051590.17f0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox'
3061590.17f0: '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe' has no imports
3071590.17f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe)
3081590.17f0: SUPR3HardenedMain: Respawn #2
3091590.17f0: supR3HardNtEnableThreadCreation:
3101590.17f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
3111590.17f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
3121590.17f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3131590.17f0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
3141590.17f0: supR3HardenedDllNotificationCallback: load 000007fefce90000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
3151590.17f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
3161590.17f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce90000 'C:\Windows\system32\apphelp.dll'
3171590.17f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007734a0e0 pvNtTerminateThread=000000007736c060
3181590.17f0: supR3HardenedWinDoReSpawn(2): New child 1b74.1934 [kernel32].
3191590.17f0: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd7000 cbPeb=0x380
3201590.17f0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077320000 uNtDllChildAddr=0000000077320000
3211590.17f0: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007734a0e0
3221590.17f0: supR3HardenedWinSetupChildInit: Start child.
3231590.17f0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3241590.17f0: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
3251590.17f0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3261590.17f0: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
3271590.17f0: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
3281590.17f0: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
3291590.17f0: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
3301590.17f0: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
3311590.17f0: 0000000000041000-ffffffffffea1fff 0x0001/0x0000 0x0000000
3321590.17f0: *00000000001e0000-00000000000e3fff 0x0000/0x0004 0x0020000
3331590.17f0: 00000000002dc000-00000000002d9fff 0x0104/0x0004 0x0020000
3341590.17f0: 00000000002de000-00000000002dbfff 0x0004/0x0004 0x0020000
3351590.17f0: 00000000002e0000-ffffffff8929ffff 0x0001/0x0000 0x0000000
3361590.17f0: *0000000077320000-0000000077320fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3371590.17f0: 0000000077321000-000000007741dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3381590.17f0: 000000007741e000-000000007744cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3391590.17f0: 000000007744d000-0000000077456fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3401590.17f0: 0000000077457000-0000000077457fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3411590.17f0: 0000000077458000-000000007745afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3421590.17f0: 000000007745b000-00000000774c9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3431590.17f0: 00000000774ca000-000000006f9b3fff 0x0001/0x0000 0x0000000
3441590.17f0: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
3451590.17f0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
3461590.17f0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
3471590.17f0: 000000007fff0000-ffffffffc0e3ffff 0x0001/0x0000 0x0000000
3481590.17f0: *000000013f1a0000-000000013f1a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
3491590.17f0: 000000013f1a1000-000000013f20ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
3501590.17f0: 000000013f210000-000000013f210fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
3511590.17f0: 000000013f211000-000000013f255fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
3521590.17f0: 000000013f256000-000000013f256fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
3531590.17f0: 000000013f257000-000000013f257fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
3541590.17f0: 000000013f258000-000000013f25cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
3551590.17f0: 000000013f25d000-000000013f25dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
3561590.17f0: 000000013f25e000-000000013f25efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
3571590.17f0: 000000013f25f000-000000013f262fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
3581590.17f0: 000000013f263000-000000013f2aafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
3591590.17f0: 000000013f2ab000-fffff8037ef15fff 0x0001/0x0000 0x0000000
3601590.17f0: *000007feff640000-000007feff640fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
3611590.17f0: 000007feff641000-000007fdfecd1fff 0x0001/0x0000 0x0000000
3621590.17f0: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
3631590.17f0: 000007fffffd3000-000007fffffcefff 0x0001/0x0000 0x0000000
3641590.17f0: *000007fffffd7000-000007fffffd5fff 0x0004/0x0004 0x0020000
3651590.17f0: 000007fffffd8000-000007fffffd1fff 0x0001/0x0000 0x0000000
3661590.17f0: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
3671590.17f0: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
3681590.17f0: apisetschema.dll: timestamp 0x57d2fdbf (rc=VINF_SUCCESS)
3691590.17f0: VirtualBox.exe: timestamp 0x58c95b24 (rc=VINF_SUCCESS)
3701590.17f0: '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe' has no imports
3711590.17f0: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
3721590.17f0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
3731590.17f0: supR3HardNtChildPurify: Done after 576 ms and 0 fixes (loop #0).
3741b74.1934: Log file opened: 5.1.18r114002 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
3751b74.1934: supR3HardenedVmProcessInit: uNtDllAddr=0000000077320000 g_uNtVerCombined=0x611db100
3761590.17f0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000300000 LB 0x400000)
3771590.17f0: supR3HardNtEnableThreadCreation:
3781b74.1934: ntdll.dll: timestamp 0x57d2fde1 (rc=VINF_SUCCESS)
3791b74.1934: New simple heap: #1 00000000002e0000 LB 0x400000 (for 1744896 allocation)
3801b74.1934: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox'
3811b74.1934: System32: \Device\HarddiskVolume2\Windows\System32
3821b74.1934: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
3831b74.1934: KnownDllPath: C:\Windows\system32
3841b74.1934: supR3HardenedVmProcessInit: Opening vboxdrv...
3851b74.1934: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3861b74.1934: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3871b74.1934: Registered Dll notification callback with NTDLL.
3881b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
3891b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3901b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3911b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3921b74.1934: supR3HardenedDllNotificationCallback: load 0000000077200000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
3931b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3941b74.1934: supR3HardenedDllNotificationCallback: load 000007fefd2c0000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
3951b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
3961b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3971b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077200000 'C:\Windows\system32\kernel32.dll'
3981b74.1934: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007734a0e0 pvNtTerminateThread=000000007736c060
3991590.17f0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 42 ms.
4001b74.1934: \SystemRoot\System32\ntdll.dll:
4011b74.1934: CreationTime: 2016-10-13T16:13:10.665846300Z
4021b74.1934: LastWriteTime: 2016-09-09T18:23:54.494442200Z
4031b74.1934: ChangeTime: 2016-10-14T00:18:44.407207500Z
4041b74.1934: FileAttributes: 0x20
4051b74.1934: Size: 0x1a7100
4061b74.1934: NT Headers: 0xe0
4071b74.1934: Timestamp: 0x57d2fde1
4081b74.1934: Machine: 0x8664 - amd64
4091b74.1934: Timestamp: 0x57d2fde1
4101b74.1934: Image Version: 6.1
4111b74.1934: SizeOfImage: 0x1aa000 (1744896)
4121b74.1934: Resource Dir: 0x14e000 LB 0x5a028
4131b74.1934: ProductName: Microsoft® Windows® Operating System
4141b74.1934: ProductVersion: 6.1.7601.23543
4151b74.1934: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
4161b74.1934: FileDescription: NT Layer DLL
4171b74.1934: \SystemRoot\System32\kernel32.dll:
4181b74.1934: CreationTime: 2016-10-13T16:13:08.515843300Z
4191b74.1934: LastWriteTime: 2016-09-09T18:20:44.136000000Z
4201b74.1934: ChangeTime: 2016-10-14T00:18:44.563207700Z
4211b74.1934: FileAttributes: 0x20
4221b74.1934: Size: 0x11c000
4231b74.1934: NT Headers: 0xe0
4241b74.1934: Timestamp: 0x57d2fe26
4251b74.1934: Machine: 0x8664 - amd64
4261b74.1934: Timestamp: 0x57d2fe26
4271b74.1934: Image Version: 6.1
4281b74.1934: SizeOfImage: 0x11f000 (1175552)
4291b74.1934: Resource Dir: 0x116000 LB 0x528
4301b74.1934: ProductName: Microsoft® Windows® Operating System
4311b74.1934: ProductVersion: 6.1.7601.23543
4321b74.1934: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
4331b74.1934: FileDescription: Windows NT BASE API Client DLL
4341b74.1934: \SystemRoot\System32\KernelBase.dll:
4351b74.1934: CreationTime: 2016-10-13T16:13:08.105842700Z
4361b74.1934: LastWriteTime: 2016-09-09T18:20:44.151000000Z
4371b74.1934: ChangeTime: 2016-10-14T00:18:44.563207700Z
4381b74.1934: FileAttributes: 0x20
4391b74.1934: Size: 0x66800
4401b74.1934: NT Headers: 0xe8
4411b74.1934: Timestamp: 0x57d2fe27
4421b74.1934: Machine: 0x8664 - amd64
4431b74.1934: Timestamp: 0x57d2fe27
4441b74.1934: Image Version: 6.1
4451b74.1934: SizeOfImage: 0x6a000 (434176)
4461b74.1934: Resource Dir: 0x68000 LB 0x530
4471b74.1934: ProductName: Microsoft® Windows® Operating System
4481b74.1934: ProductVersion: 6.1.7601.23543
4491b74.1934: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
4501b74.1934: FileDescription: Windows NT BASE API Client DLL
4511b74.1934: \SystemRoot\System32\apisetschema.dll:
4521b74.1934: CreationTime: 2016-10-13T16:13:06.805840900Z
4531b74.1934: LastWriteTime: 2016-09-09T18:20:38.613000000Z
4541b74.1934: ChangeTime: 2016-10-14T00:18:44.407207500Z
4551b74.1934: FileAttributes: 0x20
4561b74.1934: Size: 0x1a00
4571b74.1934: NT Headers: 0xc0
4581b74.1934: Timestamp: 0x57d2fdbf
4591b74.1934: Machine: 0x8664 - amd64
4601b74.1934: Timestamp: 0x57d2fdbf
4611b74.1934: Image Version: 6.1
4621b74.1934: SizeOfImage: 0x50000 (327680)
4631b74.1934: Resource Dir: 0x30000 LB 0x3f8
4641b74.1934: ProductName: Microsoft® Windows® Operating System
4651b74.1934: ProductVersion: 6.1.7601.23543
4661b74.1934: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
4671b74.1934: FileDescription: ApiSet Schema DLL
4681b74.1934: Found driver NisDrv (0x400)
4691b74.1934: supR3HardenedWinFindAdversaries: 0x400
4701b74.1934: \SystemRoot\System32\drivers\MpFilter.sys:
4711b74.1934: CreationTime: 2016-08-25T07:46:12.000000000Z
4721b74.1934: LastWriteTime: 2016-08-25T07:46:12.000000000Z
4731b74.1934: ChangeTime: 2016-11-30T18:19:20.616000000Z
4741b74.1934: FileAttributes: 0x20
4751b74.1934: Size: 0x48058
4761b74.1934: NT Headers: 0xe8
4771b74.1934: Timestamp: 0x57a90f3d
4781b74.1934: Machine: 0x8664 - amd64
4791b74.1934: Timestamp: 0x57a90f3d
4801b74.1934: Image Version: 10.0
4811b74.1934: SizeOfImage: 0x48000 (294912)
4821b74.1934: Resource Dir: 0x45000 LB 0x1090
4831b74.1934: ProductName: Microsoft Malware Protection
4841b74.1934: ProductVersion: 4.10.0202.0
4851b74.1934: FileVersion: 4.10.0202.0
4861b74.1934: FileDescription: Microsoft antimalware file system filter driver
4871b74.1934: \SystemRoot\System32\drivers\NisDrvWFP.sys:
4881b74.1934: CreationTime: 2015-11-13T05:50:26.000000000Z
4891b74.1934: LastWriteTime: 2016-08-25T07:46:12.000000000Z
4901b74.1934: ChangeTime: 2016-11-30T18:19:20.577000000Z
4911b74.1934: FileAttributes: 0x20
4921b74.1934: Size: 0x212f8
4931b74.1934: NT Headers: 0xe8
4941b74.1934: Timestamp: 0x57a90f42
4951b74.1934: Machine: 0x8664 - amd64
4961b74.1934: Timestamp: 0x57a90f42
4971b74.1934: Image Version: 10.0
4981b74.1934: SizeOfImage: 0x20000 (131072)
4991b74.1934: Resource Dir: 0x1d000 LB 0x1b90
5001b74.1934: ProductName: Microsoft Malware Protection
5011b74.1934: ProductVersion: 4.10.0202.0
5021b74.1934: FileVersion: 4.10.0202.0
5031b74.1934: FileDescription: Microsoft Network Realtime Inspection Driver
5041b74.1934: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox'
5051b74.1934: Calling main()
5061b74.1934: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
5071b74.1934: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox'
5081b74.1934: '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe' has no imports
5091b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe)
5101b74.1934: SUPR3HardenedMain: Final process, opening VBoxDrv...
5111b74.1934: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002e0000 LB 0x400000)
5121b74.1934: supR3HardNtEnableThreadCreation:
5131b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxSupLib.dll)
5141b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxSupLib.dll
5151b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002db551:<flags> [calling]
5161b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5171b74.1934: supR3HardenedDllNotificationCallback: load 000007fefb960000 LB 0x00005000 C:\Program Files\Oracle VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
5181b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5191b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5201b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002d8cd1:<flags> [calling]
5211b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb960000 'C:\Program Files\Oracle VirtualBox\VBoxSupLib.DLL'
5221b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5231b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002d8cd1:<flags> [calling]
5241b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb960000 'C:\Program Files\Oracle VirtualBox\VBoxSupLib.DLL'
5251b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb960000 'C:\Program Files\Oracle VirtualBox\VBoxSupLib.DLL'
5261b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5271b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
5281b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
5291b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
5301b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
5311b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
5321b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5331b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5341b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
5351b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
5361b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
5371b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
5381b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
5391b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
5401b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
5411b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
5421b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5431b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
5441b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
5451b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
5461b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5471b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5481b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
5491b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
5501b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
5511b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
5521b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
5531b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5541b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5551b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5561b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dd361:<flags> [calling]
5571b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5581b74.1934: supR3HardenedDllNotificationCallback: load 000007fefd0e0000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
5591b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5601b74.1934: supR3HardenedDllNotificationCallback: load 000007fefe590000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
5611b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5621b74.1934: supR3HardenedDllNotificationCallback: load 000007fefd150000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
5631b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5641b74.1934: supR3HardenedDllNotificationCallback: load 000007fefd060000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
5651b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
5661b74.1934: supR3HardenedDllNotificationCallback: load 000007fefe420000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
5671b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5681b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0e0000 'C:\Windows\system32\Wintrust.dll'
5691b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
5701b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
5711b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dd361:<flags> [calling]
5721b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5731b74.1934: supR3HardenedDllNotificationCallback: load 000007fefc9c0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
5741b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5751b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc9c0000 'C:\Windows\system32\bcrypt.dll'
5761b74.1934: bcrypt.dll loaded at 000007fefc9c0000, BCryptOpenAlgorithmProvider at 000007fefc9c2640, preloading providers:
5771b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
5781b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
5791b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
5801b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
5811b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5821b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5831b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5841b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
5851b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
5861b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5871b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
5881b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
5891b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
5901b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5911b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5921b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5931b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5941b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5951b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5961b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dd351:<flags> [calling]
5971b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5981b74.1934: supR3HardenedDllNotificationCallback: load 000007fefc4c0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
5991b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
6001b74.1934: supR3HardenedDllNotificationCallback: load 000007fefdc00000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
6011b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6021b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
6031b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
6041b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
6051b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
6061b74.1934: supR3HardenedDllNotificationCallback: load 000007fefdec0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
6071b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
6081b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc4c0000 'C:\Windows\system32\bcryptprimitives.dll'
6091b74.1934: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000083b780)
6101b74.1934: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000083d740)
6111b74.1934: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000083d860)
6121b74.1934: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000083da70)
6131b74.1934: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000083db90)
6141b74.1934: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000083dcb0)
6151b74.1934: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000083def0)
6161b74.1934: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000083e010)
6171b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
6181b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
6191b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6201b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6211b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6221b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6231b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6241b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6251b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dceb1:<flags> [calling]
6261b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
6271b74.1934: supR3HardenedDllNotificationCallback: load 000007fefca80000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
6281b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
6291b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca80000 'C:\Windows\system32\CRYPTSP.dll'
6301b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6311b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
6321b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
6331b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6341b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6351b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6361b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dce41:<flags> [calling]
6371b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6381b74.1934: supR3HardenedDllNotificationCallback: load 000007fefc520000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
6391b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6401b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc520000 'C:\Windows\system32\rsaenh.dll'
6411b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6421b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dc6d1:<flags> [calling]
6431b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc00000 'C:\Windows\system32\ADVAPI32.dll'
6441b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
6451b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
6461b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dca51:<flags> [calling]
6471b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
6481b74.1934: supR3HardenedDllNotificationCallback: load 000007fefcef0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
6491b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
6501b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcef0000 'C:\Windows\system32\CRYPTBASE.dll'
6511b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6521b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dc481:<flags> [calling]
6531b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077200000 'C:\Windows\system32\kernel32.dll'
6541b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6551b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dce11:<flags> [calling]
6561b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0e0000 'C:\Windows\system32\WINTRUST.DLL'
6571b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6581b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002dcc41:<flags> [calling]
6591b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd150000 'C:\Windows\system32\CRYPT32.dll'
6601b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6611b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
6621b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
6631b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
6641b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6651b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6661b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6671b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6681b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6691b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6701b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dcc91:<flags> [calling]
6711b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
6721b74.1934: supR3HardenedDllNotificationCallback: load 000007fefe570000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
6731b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
6741b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe570000 'C:\Windows\system32\imagehlp.dll'
6751b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
6761b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dcde1:<flags> [calling]
6771b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca80000 'C:\Windows\system32\CRYPTSP.dll'
6781b74.1934: \Device\HarddiskVolume2\Windows\System32\user32.dll: Owner is administrators group.
6791b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
6801b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
6811b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
6821b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6831b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6841b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
6851b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
6861b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
6871b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
6881b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
6891b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
6901b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
6911b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
6921b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
6931b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
6941b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
6951b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6961b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6971b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
6981b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
6991b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
7001b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7011b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
7021b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
7031b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
7041b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
7051b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7061b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7071b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
7081b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7091b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7101b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7111b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7121b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7131b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7141b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7151b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7161b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
7171b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7181b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7191b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7201b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dc911:<flags> [calling]
7211b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
7221b74.1934: supR3HardenedDllNotificationCallback: load 0000000077100000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
7231b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
7241b74.1934: supR3HardenedDllNotificationCallback: load 000007fefe630000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
7251b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7261b74.1934: supR3HardenedDllNotificationCallback: load 000007fefe550000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
7271b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
7281b74.1934: supR3HardenedDllNotificationCallback: load 000007fefe700000 LB 0x000ca000 C:\Windows\system32\USP10.dll [fFlags=0x0]
7291b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
7301b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7311b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dbe11:<flags> [calling]
7321b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe630000 'C:\Windows\system32\gdi32.dll'
7331b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
7341b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
7351b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
7361b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
7371b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
7381b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
7391b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
7401b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7411b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
7421b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
7431b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
7441b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
7451b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
7461b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7471b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7481b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7491b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7501b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7511b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
7521b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
7531b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
7541b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
7551b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7561b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7571b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7581b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7591b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7601b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
7611b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7621b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7631b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7641b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002db751:<flags> [calling]
7651b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
7661b74.1934: supR3HardenedDllNotificationCallback: load 000007fefe870000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
7671b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
7681b74.1934: supR3HardenedDllNotificationCallback: load 000007fefd4f0000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
7691b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
7701b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe870000 'C:\Windows\system32\IMM32.DLL'
7711b74.1934: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\nvinitx.dll': 5 (NtPath=\??\C:\Windows\system32\nvinitx.dll; Input=C:\Windows\system32\nvinitx.dll; rcNtGetDll=0x0
7721b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\nvinitx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002db361:<flags> [calling]
7731b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\nvinitx.dll'
7741b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077100000 'C:\Windows\system32\USER32.dll'
7751b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
7761b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
7771b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
7781b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
7791b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
7801b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
7811b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
7821b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
7831b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7841b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7851b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7861b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
7871b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
7881b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7891b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dcc11:<flags> [calling]
7901b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
7911b74.1934: supR3HardenedDllNotificationCallback: load 000007fefc9f0000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
7921b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
7931b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc9f0000 'C:\Windows\system32\ncrypt.dll'
7941b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7951b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dca01:<flags> [calling]
7961b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc9c0000 'C:\Windows\system32\bcrypt.dll'
7971b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7981b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
7991b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
8001b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
8011b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
8021b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
8031b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
8041b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8051b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
8061b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
8071b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8081b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8091b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8101b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8111b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8121b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8131b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8141b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8151b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8161b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dc391:<flags> [calling]
8171b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
8181b74.1934: supR3HardenedDllNotificationCallback: load 000007fefd3e0000 LB 0x0001f000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
8191b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
8201b74.1934: supR3HardenedDllNotificationCallback: load 000007fefd050000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
8211b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
8221b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3e0000 'C:\Windows\system32\USERENV.dll'
8231b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002dc0f1:<flags> [calling]
8241b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdec0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
8251b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002dc481:<flags> [calling]
8261b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdec0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
8271b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8281b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
8291b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
8301b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
8311b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8321b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8331b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8341b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8351b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8361b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8371b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dc6b1:<flags> [calling]
8381b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
8391b74.1934: supR3HardenedDllNotificationCallback: load 000007fefc2f0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
8401b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
8411b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc2f0000 'C:\Windows\system32\GPAPI.dll'
8421b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002dc601:<flags> [calling]
8431b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdec0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
8441b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8451b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dbd01:<flags> [calling]
8461b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe420000 'C:\Windows\system32\rpcrt4.dll'
8471b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002dc5e1:<flags> [calling]
8481b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdec0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
8491b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002dc5f1:<flags> [calling]
8501b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdec0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
8511b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8521b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
8531b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
8541b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
8551b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
8561b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
8571b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
8581b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
8591b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8601b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
8611b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
8621b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
8631b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
8641b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8651b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
8661b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
8671b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
8681b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8691b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8701b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8711b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8721b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8731b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8741b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dc0f1:<flags> [calling]
8751b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8761b74.1934: supR3HardenedDllNotificationCallback: load 000007fef8340000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
8771b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8781b74.1934: supR3HardenedDllNotificationCallback: load 000007fefe6a0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
8791b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
8801b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8811b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002db321:<flags> [calling]
8821b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8340000 'C:\Windows\system32\cryptnet.dll'
8831b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8841b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002db321:<flags> [calling]
8851b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8340000 'C:\Windows\system32\cryptnet.dll'
8861b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8871b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002db321:<flags> [calling]
8881b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8340000 'C:\Windows\system32\cryptnet.dll'
8891b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8901b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002db321:<flags> [calling]
8911b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8340000 'C:\Windows\system32\cryptnet.dll'
8921b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8931b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002db321:<flags> [calling]
8941b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8340000 'C:\Windows\system32\cryptnet.dll'
8951b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8961b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002db321:<flags> [calling]
8971b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8340000 'C:\Windows\system32\cryptnet.dll'
8981b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8991b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8340000 'C:\Windows\system32\cryptnet.dll'
9001b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9011b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8340000 'C:\Windows\system32\cryptnet.dll'
9021b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9031b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8340000 'C:\Windows\system32\cryptnet.dll'
9041b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9051b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8340000 'C:\Windows\system32\cryptnet.dll'
9061b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9071b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8340000 'C:\Windows\system32\cryptnet.dll'
9081b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8340000 'C:\Windows\system32\cryptnet.dll'
9091b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9101b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8340000 'C:\Windows\system32\cryptnet.dll'
9111b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002dba11:<flags> [calling]
9121b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdec0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
9131b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
9141b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dba11:<flags> [calling]
9151b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd050000 'C:\Windows\system32\profapi.dll'
9161b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
9171b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
9181b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
9191b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
9201b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
9211b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9221b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9231b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9241b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9251b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9261b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
9271b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9281b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9291b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9301b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002db4a1:<flags> [calling]
9311b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
9321b74.1934: supR3HardenedDllNotificationCallback: load 000007fefdb80000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
9331b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
9341b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb80000 'C:\Windows\system32\SHLWAPI.dll'
9351b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
9361b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000008829f0
9371b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008829f0
9381b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BC58830709AC8FEA95A077670C8A79A4F511C996
9391b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002dc3d1:<flags> [calling]
9401b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdec0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
9411b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002dbf31:<flags> [calling]
9421b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdec0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
9431b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002dbf31:<flags> [calling]
9441b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdec0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
9451b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9461b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dc3d1:<flags> [calling]
9471b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc00000 'C:\Windows\system32\ADVAPI32.dll'
9481b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002dc381:<flags> [calling]
9491b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdec0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
9501b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002dc071:<flags> [calling]
9511b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdec0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
9521b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_137_for_KB3192403~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
9531b74.1934: g_pfnWinVerifyTrust=000007fefd0e1010
9541b74.1934: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
9551b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
9561b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008829f0
9571b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008829f0
9581b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3AF990F37D753AA60690FC7939ADB03EE893B58C
9591b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_287_for_KB3185330~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
9601b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9611b74.1934: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
9621b74.1934: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
9631b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
9641b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008829f0
9651b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008829f0
9661b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8A284C43D9CD4E55273B385170EFA8FC455EB8C
9671b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_137_for_KB3192403~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
9681b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9691b74.1934: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
9701b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
9711b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008829f0
9721b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008829f0
9731b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=075C186B9EBBDEFAE43835198B8FA4897C63C80A
9741b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
9751b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9761b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
9771b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
9781b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008829f0
9791b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008829f0
9801b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B7B3B5F7B52853C4CEAA05E6163F5C4AF1132695
9811b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
9821b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9831b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
9841b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
9851b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008829f0
9861b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008829f0
9871b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67EE3A294226F707ED5FD1E644414962E2DF2864
9881b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_137_for_KB3192403~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
9891b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9901b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
9911b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000260 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
9921b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008829f0
9931b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008829f0
9941b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDAA16C3FD93DFF9C20BA3B2689DFF4C8D31061
9951b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3159398~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
9961b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9971b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
9981b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001cc pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
9991b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008829f0
10001b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008829f0
10011b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
10021b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
10031b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10041b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
10051b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
10061b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008829f0
10071b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008829f0
10081b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4D9F8AE55E46F7953AA1EFA379D76F2A76D6983B
10091b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
10101b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10111b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
10121b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b4 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
10131b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008829f0
10141b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008829f0
10151b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DB43BC80C977C81424019EACECB86A14243FDB1C
10161b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_137_for_KB3192403~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
10171b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10181b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
10191b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
10201b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008829f0
10211b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008829f0
10221b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AC3A69E7F0F21E3443489E631E36BC69EC1C982A
10231b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
10241b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10251b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
10261b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
10271b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008829f0
10281b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008829f0
10291b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C0711589B5C71949BF83C0050BD6CCD5C563CB82
10301b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
10311b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10321b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
10331b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
10341b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008829f0
10351b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008829f0
10361b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2A3AE6C8E594E10B97CD89E5C9A11E2FC1124943
10371b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
10381b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10391b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
10401b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
10411b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008829f0
10421b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008829f0
10431b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B248FC58436AAEFEF00A75FCE0F004E89F8C7F94
10441b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3164033~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
10451b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10461b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
10471b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
10481b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008829f0
10491b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008829f0
10501b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C26B6C5525D45228994D185B3C08A3BC03FF6AFF
10511b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3164035~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
10521b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10531b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
10541b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
10551b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008829f0
10561b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008829f0
10571b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB05A6DD4AF9AC247D37C4B7BAFCCBD178A41E64
10581b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
10591b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000008eb690
10601b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
10611b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB05A6DD4AF9AC247D37C4B7BAFCCBD178A41E64
10621b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
10631b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000008eb750
10641b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb750
10651b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=7458187B83265348D287AC7AB34C0A5AD0EFDAA5040E43F37D2AC3DBEB747E20
10661b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
10671b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
10681b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
10691b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
10701b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
10711b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
10721b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4196077E577B8C9A37A0393FF352B04A96D1BD25
10731b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
10741b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10751b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
10761b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000134 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
10771b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
10781b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
10791b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C12E112BE267DAB0552EDF29018D7B535A9B940
10801b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_137_for_KB3192403~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
10811b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10821b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
10831b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
10841b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
10851b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
10861b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
10871b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CECCA98E04985A576883E9A9AD8AF2140526B576
10881b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_137_for_KB3192403~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
10891b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10901b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
10911b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
10921b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
10931b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
10941b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9417957BEBAB30D0967EBB53DB5B3602DF9D0DA0
10951b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
10961b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10971b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
10981b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
10991b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
11001b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
11011b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=316CD6106AA5912D3BC1F9EC32A614FC739E9A55
11021b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_300_for_KB3192403~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
11031b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11041b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
11051b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
11061b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
11071b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
11081b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
11091b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
11101b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
11111b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11121b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
11131b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
11141b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
11151b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
11161b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F543D9693ED83595BA3E87097E428D8B06956700
11171b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
11181b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11191b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
11201b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
11211b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
11221b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
11231b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=71CB8510727C0FFA0BCEEFFACE63ACD80E6D9E25
11241b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
11251b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11261b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
11271b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
11281b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
11291b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
11301b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F992ED2532F3F532E22AE18754AD66D6067F2F8A
11311b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_137_for_KB3192403~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
11321b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11331b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
11341b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxSupLib.dll'
11351b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
11361b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
11371b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
11381b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1505BBC6CEC0A54FF4AD78E1102582ADE56BB5EC
11391b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_137_for_KB3192403~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
11401b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11411b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
11421b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
11431b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
11441b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
11451b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8EA17CD6E0302216E1E0EC2685425C8C04B56277
11461b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_137_for_KB3192403~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
11471b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11481b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
11491b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
11501b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dbe71:<flags> [calling]
11511b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd150000 'C:\Windows\system32\crypt32.dll'
11521b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
11531b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
11541b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
11551b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
11561b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
11571b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
11581b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
11591b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
11601b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x75a2ccecb8259a00 C=TW, O=Government Root Certification Authority
11611b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
11621b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
11631b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
11641b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
11651b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
11661b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
11671b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
11681b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
11691b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
11701b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
11711b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
11721b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
11731b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
11741b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
11751b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
11761b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
11771b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
11781b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
11791b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
11801b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
11811b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
11821b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
11831b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
11841b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
11851b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
11861b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
11871b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
11881b74.1934: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
11891b74.1934: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=37
11901b74.1934: SUPR3HardenedMain: Load Runtime...
11911b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
11921b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
11931b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
11941b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
11951b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll) WinVerifyTrust
11961b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
11971b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11981b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11991b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
12001b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
12011b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
12021b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b0 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12031b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
12041b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
12051b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=901DCB8172024F14E25295BF5692180F12FC8C18
12061b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
12071b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12081b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12091b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
12101b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
12111b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
12121b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12131b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12141b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12151b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
12161b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll) WinVerifyTrust
12171b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll
12181b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12191b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12201b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll) WinVerifyTrust
12211b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll
12221b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12231b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12241b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll
12251b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
12261b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
12271b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000041c pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
12281b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
12291b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
12301b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AE18DF13EDD042527B9D18576EE0514B174199E3
12311b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
12321b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12331b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
12341b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
12351b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12361b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12371b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
12381b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12391b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12401b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
12411b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dc1a1:<flags> [calling]
12421b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
12431b74.1934: supR3HardenedDllNotificationCallback: load 000007fee4270000 LB 0x0053c000 C:\Program Files\Oracle VirtualBox\VBoxRT.dll [fFlags=0x0]
12441b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
12451b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll
12461b74.1934: supR3HardenedDllNotificationCallback: load 0000000066290000 LB 0x000d2000 C:\Program Files\Oracle VirtualBox\MSVCR100.dll [fFlags=0x0]
12471b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll
12481b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll
12491b74.1934: supR3HardenedDllNotificationCallback: load 00000000661f0000 LB 0x00098000 C:\Program Files\Oracle VirtualBox\MSVCP100.dll [fFlags=0x0]
12501b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll
12511b74.1934: supR3HardenedDllNotificationCallback: load 000007fefe070000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
12521b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12531b74.1934: supR3HardenedDllNotificationCallback: load 000007fefe560000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
12541b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
12551b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
12561b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002d98e1:<flags> [calling]
12571b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12581b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
12591b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002d98e1:<flags> [calling]
12601b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12611b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
12621b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002d98e1:<flags> [calling]
12631b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12641b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
12651b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002d98e1:<flags> [calling]
12661b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12671b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
12681b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002d98e1:<flags> [calling]
12691b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12701b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
12711b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002d98e1:<flags> [calling]
12721b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12731b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12741b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12751b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12761b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12771b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12781b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12791b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12801b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
12811b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002d98e1:<flags> [calling]
12821b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12831b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12841b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12851b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12861b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12871b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12881b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12891b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12901b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12911b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12921b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12931b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12941b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12951b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12961b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12971b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
12981b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
12991b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002d98e1:<flags> [calling]
13001b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
13011b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
13021b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
13031b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4270000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
13041b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
13051b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ddd01:<flags> [calling]
13061b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0e0000 'C:\Windows\system32\Wintrust.dll'
13071b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
13081b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dc851:<flags> [calling]
13091b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd150000 'C:\Windows\system32\crypt32.dll'
13101b74.1934: SUPR3HardenedMain: Load TrustedMain...
13111b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
13121b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
13131b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
13141b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
13151b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
13161b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
13171b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
13181b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
13191b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
13201b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
13211b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
13221b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
13231b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
13241b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
13251b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
13261b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.dll) WinVerifyTrust
13271b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.dll
13281b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
13291b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
13301b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000460 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
13311b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
13321b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
13331b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4E9A8D553148BED7B65ED40DA3FFB207DB1EAA55
13341b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
13351b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13361b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13371b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
13381b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
13391b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
13401b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
13411b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
13421b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000440 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
13431b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
13441b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
13451b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DA3E83E74A541ECA00DF9E1B5AA0999E45845CD9
13461b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3184122~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
13471b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13481b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
13491b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13501b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
13511b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
13521b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
13531b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
13541b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
13551b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13561b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13571b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000046c pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
13581b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
13591b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
13601b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0D0E2D574BA619316D85AB73B5E0DDD89991AC2E
13611b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
13621b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13631b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13641b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
13651b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
13661b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
13671b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
13681b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
13691b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13701b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13711b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000478 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
13721b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
13731b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
13741b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F13C2B4E594038A8834146A1D81AAE9B43ED8649
13751b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_41_for_KB3184143~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
13761b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13771b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13781b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
13791b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
13801b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
13811b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
13821b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
13831b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13841b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13851b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
13861b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13871b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13881b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
13891b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
13901b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
13911b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
13921b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
13931b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
13941b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
13951b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5OpenGLVBox.dll
13961b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
13971b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
13981b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
13991b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14001b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
14011b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
14021b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
14031b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
14041b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
14051b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
14061b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
14071b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5PrintSupportVBox.dll
14081b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
14091b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
14101b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14111b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14121b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
14131b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
14141b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
14151b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14161b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14171b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
14181b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5WidgetsVBox.dll
14191b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14201b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14211b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
14221b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
14231b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
14241b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14251b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
14261b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14271b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14281b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
14291b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5GuiVBox.dll
14301b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14311b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14321b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14331b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
14341b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
14351b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
14361b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
14371b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
14381b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
14391b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
14401b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
14411b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5CoreVBox.dll
14421b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14431b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14441b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll
14451b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14461b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14471b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll
14481b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
14491b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
14501b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14511b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14521b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
14531b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
14541b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
14551b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F331C42EC112FD278802B13D0ABF1F7F7FAADC60
14561b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_386_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
14571b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14581b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14591b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
14601b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
14611b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
14621b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
14631b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
14641b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
14651b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
14661b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14671b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14681b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
14691b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
14701b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000048c pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
14711b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
14721b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
14731b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
14741b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
14751b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14761b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14771b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14781b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
14791b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
14801b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
14811b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
14821b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
14831b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
14841b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
14851b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
14861b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
14871b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
14881b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
14891b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07408AD5E39551BE479215B6694E8769C3AB0A25
14901b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_386_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
14911b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14921b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14931b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
14941b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14951b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
14961b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
14971b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14981b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14991b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
15001b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15011b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15021b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15031b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15041b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15051b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15061b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15071b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll
15081b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15091b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15101b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll
15111b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
15121b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
15131b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
15141b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
15151b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
15161b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
15171b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
15181b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15191b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
15201b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
15211b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
15221b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
15231b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
15241b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15251b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15261b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15271b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15281b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15291b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
15301b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15311b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15321b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
15331b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15341b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15351b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15361b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15371b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll
15381b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15391b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15401b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll
15411b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15421b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15431b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5CoreVBox.dll
15441b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15451b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15461b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15471b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15481b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15491b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15501b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
15511b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15521b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15531b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
15541b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15551b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15561b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll
15571b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15581b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15591b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll
15601b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15611b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15621b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
15631b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15641b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15651b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5CoreVBox.dll
15661b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15671b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15681b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5GuiVBox.dll
15691b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15701b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15711b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15721b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15731b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15741b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15751b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll
15761b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
15771b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
15781b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b4 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
15791b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
15801b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
15811b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1B7749647FCDDFFCFF3CBCB640B19EB14D1A00
15821b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
15831b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15841b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15851b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
15861b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15871b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
15881b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
15891b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
15901b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
15911b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
15921b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
15931b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
15941b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
15951b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
15961b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
15971b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5955B5BC5D362A16362FF8902973FBB7E12403F3
15981b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
15991b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16001b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16011b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
16021b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
16031b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
16041b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
16051b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16061b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16071b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5CoreVBox.dll
16081b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16091b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16101b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5GuiVBox.dll
16111b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16121b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16131b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5WidgetsVBox.dll
16141b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16151b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16161b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16171b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16181b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16191b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16201b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16211b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16221b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5CoreVBox.dll
16231b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16241b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16251b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5GuiVBox.dll
16261b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16271b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16281b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5WidgetsVBox.dll
16291b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16301b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16311b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16321b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16331b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
16341b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
16351b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
16361b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16371b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16381b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16391b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16401b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16411b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16421b74.1934: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
16431b74.1934: Error (rc=0):
16441b74.1934: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume2\Windows\System32\user32.dll
16451b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16461b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16471b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16481b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16491b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16501b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16511b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16521b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16531b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16541b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16551b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16561b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16571b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16581b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16591b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
16601b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16611b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16621b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16631b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16641b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16651b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16661b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16671b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16681b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16691b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16701b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16711b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16721b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16731b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
16741b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
16751b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
16761b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
16771b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
16781b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=308DD516BDAC71083E63F74CF9F2CF305AB7C424
16791b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
16801b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16811b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
16821b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
16831b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
16841b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
16851b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
16861b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16871b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16881b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
16891b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16901b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16911b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
16921b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
16931b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
16941b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16951b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16961b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16971b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16981b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
16991b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
17001b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
17011b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17021b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17031b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
17041b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
17051b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000488 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17061b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
17071b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
17081b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8BA070FC48B59A14F38A79995E6F3990D04EA2F7
17091b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
17101b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17111b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17121b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17131b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17141b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
17151b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17161b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
17171b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
17181b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c0 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
17191b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
17201b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
17211b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=638814E4F1F08BDE3B0DCBA93F02F14791D811C7
17221b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
17231b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17241b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
17251b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
17261b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
17271b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
17281b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
17291b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
17301b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
17311b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
17321b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
17331b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17341b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17351b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
17361b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
17371b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
17381b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
17391b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
17401b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EB130FE5667C75A1CCDD15015B9391131942AA9
17411b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3164033~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
17421b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17431b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17441b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
17451b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
17461b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
17471b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
17481b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17491b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17501b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17511b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17521b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17531b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17541b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17551b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17561b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17571b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17581b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
17591b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
17601b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
17611b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
17621b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
17631b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2FD0008F21C440BEC05CC950BF703010DCBAA292
17641b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
17651b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17661b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17671b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
17681b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
17691b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
17701b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17711b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17721b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17731b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17741b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17751b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17761b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17771b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17781b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17791b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17801b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17811b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
17821b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
17831b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
17841b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008eb690
17851b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008eb690
17861b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3AB181E88445DB552B76A85CA3B4C1F95F1C6AB1
17871b74.1934: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
17881b74.1934: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17891b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17901b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
17911b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
17921b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
17931b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
17941b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17951b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17961b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17971b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17981b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17991b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18001b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18011b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18021b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18031b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18041b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18051b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18061b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18071b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18081b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18091b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18101b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18111b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18121b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
18131b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
18141b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
18151b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18161b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18171b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dc1b1:<flags> [calling]
18181b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.dll
18191b74.1934: supR3HardenedDllNotificationCallback: load 000007fee3980000 LB 0x008e8000 C:\Program Files\Oracle VirtualBox\VirtualBox.dll [fFlags=0x0]
18201b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.dll
18211b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
18221b74.1934: supR3HardenedDllNotificationCallback: load 000007feeda80000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
18231b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
18241b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
18251b74.1934: supR3HardenedDllNotificationCallback: load 000007fef8ca0000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
18261b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
18271b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
18281b74.1934: supR3HardenedDllNotificationCallback: load 000007feed980000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
18291b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
18301b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
18311b74.1934: supR3HardenedDllNotificationCallback: load 000007fefbb80000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
18321b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
18331b74.1934: supR3HardenedDllNotificationCallback: load 000007fefdce0000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
18341b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
18351b74.1934: supR3HardenedDllNotificationCallback: load 000007fefd070000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
18361b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
18371b74.1934: supR3HardenedDllNotificationCallback: load 000007fefd410000 LB 0x000da000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
18381b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18391b74.1934: supR3HardenedDllNotificationCallback: load 000007fefd600000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
18401b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18411b74.1934: supR3HardenedDllNotificationCallback: load 000007fefd120000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
18421b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
18431b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
18441b74.1934: supR3HardenedDllNotificationCallback: load 000007fefbdd0000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
18451b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
18461b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5CoreVBox.dll
18471b74.1934: supR3HardenedDllNotificationCallback: load 0000000064c40000 LB 0x00566000 C:\Program Files\Oracle VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
18481b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5CoreVBox.dll
18491b74.1934: supR3HardenedDllNotificationCallback: load 000007fefe8a0000 LB 0x00d8a000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
18501b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
18511b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
18521b74.1934: supR3HardenedDllNotificationCallback: load 000007fef9720000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
18531b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
18541b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5GuiVBox.dll
18551b74.1934: supR3HardenedDllNotificationCallback: load 000007fee1ff0000 LB 0x005f7000 C:\Program Files\Oracle VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
18561b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5GuiVBox.dll
18571b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5WidgetsVBox.dll
18581b74.1934: supR3HardenedDllNotificationCallback: load 0000000065920000 LB 0x00561000 C:\Program Files\Oracle VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
18591b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5WidgetsVBox.dll
18601b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5PrintSupportVBox.dll
18611b74.1934: supR3HardenedDllNotificationCallback: load 000007feed390000 LB 0x00051000 C:\Program Files\Oracle VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
18621b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5PrintSupportVBox.dll
18631b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
18641b74.1934: supR3HardenedDllNotificationCallback: load 000007fef69a0000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
18651b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
18661b74.1934: supR3HardenedDllNotificationCallback: load 000007fefe7d0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
18671b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
18681b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
18691b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
18701b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
18711b74.1934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
18721b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
18731b74.1934: supR3HardenedDllNotificationCallback: load 000007fef6a20000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
18741b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
18751b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5OpenGLVBox.dll
18761b74.1934: supR3HardenedDllNotificationCallback: load 0000000066190000 LB 0x00054000 C:\Program Files\Oracle VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
18771b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5OpenGLVBox.dll
18781b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
18791b74.1934: supR3HardenedDllNotificationCallback: load 000007fefb070000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
18801b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
18811b74.1934: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
18821b74.1934: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
18831b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
18841b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18851b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18861b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18871b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18881b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18891b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18901b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002db781:<flags> [calling]
18911b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe870000 'C:\Windows\system32\imm32.dll'
18921b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc00000 'C:\Windows\system32\ADVAPI32.DLL'
18931b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
18941b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
18951b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcef0000 'C:\Windows\system32\cryptbase.dll'
18961b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3980000 'C:\Program Files\Oracle VirtualBox\VirtualBox.dll'
18971b74.1934: SUPR3HardenedMain: Calling TrustedMain (000007fee3981610)...
18981b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18991b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ddab1:<flags> [calling]
19001b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd600000 'C:\Windows\system32\ole32.dll'
19011b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc00000 'C:\Windows\system32\ADVAPI32.dll'
19021b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
19031b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002dc191:<flags> [calling]
19041b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd050000 'C:\Windows\system32\profapi.dll'
19051b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
19061b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
19071b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
19081b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
19091b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
19101b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
19111b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
19121b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
19131b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
19141b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
19151b74.1934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
19161b74.1934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\platforms\qwindows.dll) WinVerifyTrust
19171b74.1934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\platforms\qwindows.dll
19181b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19191b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19201b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19211b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19221b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5CoreVBox.dll
19231b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
19241b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
19251b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5GuiVBox.dll
19261b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19271b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19281b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19291b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19301b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
19311b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19321b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19331b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
19341b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
19351b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
19361b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
19371b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
19381b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
19391b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
19401b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19411b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19421b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19431b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19441b74.1934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
19451b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19461b74.1934: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19471b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002de481:<flags> [calling]
19481b74.1934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\platforms\qwindows.dll
19491b74.1934: supR3HardenedDllNotificationCallback: load 000007fee5120000 LB 0x0012e000 C:\Program Files\Oracle VirtualBox\platforms\qwindows.dll [fFlags=0x0]
19501b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\platforms\qwindows.dll
19511b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5120000 'C:\Program Files\Oracle VirtualBox\platforms\qwindows.dll'
19521b74.1934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
19531b74.1934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002de3b1:<flags> [calling]
19541b74.1934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcef0000 'C:\Windows\system32\CRYPTBASE.dll'
19551590.17f0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 709 ms, the end);
1956183c.1b64: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1348 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy