VirtualBox

Ticket #16613: VBoxHardening.log

File VBoxHardening.log, 207.0 KB (added by nickreserved, 7 years ago)

Lubuntu client crash

Line 
1d18.d30: Log file opened: 5.1.18r114002 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
2d18.d30: \SystemRoot\System32\ntdll.dll:
3d18.d30: CreationTime: 2016-10-13T16:13:10.665846300Z
4d18.d30: LastWriteTime: 2016-09-09T18:23:54.494442200Z
5d18.d30: ChangeTime: 2016-10-14T00:18:44.407207500Z
6d18.d30: FileAttributes: 0x20
7d18.d30: Size: 0x1a7100
8d18.d30: NT Headers: 0xe0
9d18.d30: Timestamp: 0x57d2fde1
10d18.d30: Machine: 0x8664 - amd64
11d18.d30: Timestamp: 0x57d2fde1
12d18.d30: Image Version: 6.1
13d18.d30: SizeOfImage: 0x1aa000 (1744896)
14d18.d30: Resource Dir: 0x14e000 LB 0x5a028
15d18.d30: ProductName: Microsoft® Windows® Operating System
16d18.d30: ProductVersion: 6.1.7601.23543
17d18.d30: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
18d18.d30: FileDescription: NT Layer DLL
19d18.d30: \SystemRoot\System32\kernel32.dll:
20d18.d30: CreationTime: 2016-10-13T16:13:08.515843300Z
21d18.d30: LastWriteTime: 2016-09-09T18:20:44.136000000Z
22d18.d30: ChangeTime: 2016-10-14T00:18:44.563207700Z
23d18.d30: FileAttributes: 0x20
24d18.d30: Size: 0x11c000
25d18.d30: NT Headers: 0xe0
26d18.d30: Timestamp: 0x57d2fe26
27d18.d30: Machine: 0x8664 - amd64
28d18.d30: Timestamp: 0x57d2fe26
29d18.d30: Image Version: 6.1
30d18.d30: SizeOfImage: 0x11f000 (1175552)
31d18.d30: Resource Dir: 0x116000 LB 0x528
32d18.d30: ProductName: Microsoft® Windows® Operating System
33d18.d30: ProductVersion: 6.1.7601.23543
34d18.d30: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
35d18.d30: FileDescription: Windows NT BASE API Client DLL
36d18.d30: \SystemRoot\System32\KernelBase.dll:
37d18.d30: CreationTime: 2016-10-13T16:13:08.105842700Z
38d18.d30: LastWriteTime: 2016-09-09T18:20:44.151000000Z
39d18.d30: ChangeTime: 2016-10-14T00:18:44.563207700Z
40d18.d30: FileAttributes: 0x20
41d18.d30: Size: 0x66800
42d18.d30: NT Headers: 0xe8
43d18.d30: Timestamp: 0x57d2fe27
44d18.d30: Machine: 0x8664 - amd64
45d18.d30: Timestamp: 0x57d2fe27
46d18.d30: Image Version: 6.1
47d18.d30: SizeOfImage: 0x6a000 (434176)
48d18.d30: Resource Dir: 0x68000 LB 0x530
49d18.d30: ProductName: Microsoft® Windows® Operating System
50d18.d30: ProductVersion: 6.1.7601.23543
51d18.d30: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
52d18.d30: FileDescription: Windows NT BASE API Client DLL
53d18.d30: \SystemRoot\System32\apisetschema.dll:
54d18.d30: CreationTime: 2016-10-13T16:13:06.805840900Z
55d18.d30: LastWriteTime: 2016-09-09T18:20:38.613000000Z
56d18.d30: ChangeTime: 2016-10-14T00:18:44.407207500Z
57d18.d30: FileAttributes: 0x20
58d18.d30: Size: 0x1a00
59d18.d30: NT Headers: 0xc0
60d18.d30: Timestamp: 0x57d2fdbf
61d18.d30: Machine: 0x8664 - amd64
62d18.d30: Timestamp: 0x57d2fdbf
63d18.d30: Image Version: 6.1
64d18.d30: SizeOfImage: 0x50000 (327680)
65d18.d30: Resource Dir: 0x30000 LB 0x3f8
66d18.d30: ProductName: Microsoft® Windows® Operating System
67d18.d30: ProductVersion: 6.1.7601.23543
68d18.d30: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
69d18.d30: FileDescription: ApiSet Schema DLL
70d18.d30: Found driver NisDrv (0x400)
71d18.d30: supR3HardenedWinFindAdversaries: 0x400
72d18.d30: \SystemRoot\System32\drivers\MpFilter.sys:
73d18.d30: CreationTime: 2016-08-25T07:46:12.000000000Z
74d18.d30: LastWriteTime: 2016-08-25T07:46:12.000000000Z
75d18.d30: ChangeTime: 2016-11-30T18:19:20.616000000Z
76d18.d30: FileAttributes: 0x20
77d18.d30: Size: 0x48058
78d18.d30: NT Headers: 0xe8
79d18.d30: Timestamp: 0x57a90f3d
80d18.d30: Machine: 0x8664 - amd64
81d18.d30: Timestamp: 0x57a90f3d
82d18.d30: Image Version: 10.0
83d18.d30: SizeOfImage: 0x48000 (294912)
84d18.d30: Resource Dir: 0x45000 LB 0x1090
85d18.d30: ProductName: Microsoft Malware Protection
86d18.d30: ProductVersion: 4.10.0202.0
87d18.d30: FileVersion: 4.10.0202.0
88d18.d30: FileDescription: Microsoft antimalware file system filter driver
89d18.d30: \SystemRoot\System32\drivers\NisDrvWFP.sys:
90d18.d30: CreationTime: 2015-11-13T05:50:26.000000000Z
91d18.d30: LastWriteTime: 2016-08-25T07:46:12.000000000Z
92d18.d30: ChangeTime: 2016-11-30T18:19:20.577000000Z
93d18.d30: FileAttributes: 0x20
94d18.d30: Size: 0x212f8
95d18.d30: NT Headers: 0xe8
96d18.d30: Timestamp: 0x57a90f42
97d18.d30: Machine: 0x8664 - amd64
98d18.d30: Timestamp: 0x57a90f42
99d18.d30: Image Version: 10.0
100d18.d30: SizeOfImage: 0x20000 (131072)
101d18.d30: Resource Dir: 0x1d000 LB 0x1b90
102d18.d30: ProductName: Microsoft Malware Protection
103d18.d30: ProductVersion: 4.10.0202.0
104d18.d30: FileVersion: 4.10.0202.0
105d18.d30: FileDescription: Microsoft Network Realtime Inspection Driver
106d18.d30: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox'
107d18.d30: Calling main()
108d18.d30: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
109d18.d30: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox'
110d18.d30: SUPR3HardenedMain: Respawn #1
111d18.d30: System32: \Device\HarddiskVolume2\Windows\System32
112d18.d30: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
113d18.d30: KnownDllPath: C:\Windows\system32
114d18.d30: '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe' has no imports
115d18.d30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe)
116d18.d30: supR3HardNtEnableThreadCreation:
117d18.d30: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007790a0e0 pvNtTerminateThread=000000007792c060
118d18.d30: supR3HardenedWinDoReSpawn(1): New child d34.e94 [kernel32].
119d18.d30: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdc000 cbPeb=0x380
120d18.d30: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000778e0000 uNtDllChildAddr=00000000778e0000
121d18.d30: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007790a0e0
122d18.d30: supR3HardenedWinSetupChildInit: Start child.
123d18.d30: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
124d18.d30: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 54 sleeps
125d18.d30: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
126d18.d30: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
127d18.d30: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
128d18.d30: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
129d18.d30: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
130d18.d30: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
131d18.d30: 0000000000041000-fffffffffff81fff 0x0001/0x0000 0x0000000
132d18.d30: *0000000000100000-0000000000003fff 0x0000/0x0004 0x0020000
133d18.d30: 00000000001fc000-00000000001f9fff 0x0104/0x0004 0x0020000
134d18.d30: 00000000001fe000-00000000001fbfff 0x0004/0x0004 0x0020000
135d18.d30: 0000000000200000-ffffffff88b1ffff 0x0001/0x0000 0x0000000
136d18.d30: *00000000778e0000-00000000778e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
137d18.d30: 00000000778e1000-00000000779ddfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
138d18.d30: 00000000779de000-0000000077a0cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
139d18.d30: 0000000077a0d000-0000000077a16fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
140d18.d30: 0000000077a17000-0000000077a17fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
141d18.d30: 0000000077a18000-0000000077a1afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
142d18.d30: 0000000077a1b000-0000000077a89fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
143d18.d30: 0000000077a8a000-0000000070533fff 0x0001/0x0000 0x0000000
144d18.d30: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
145d18.d30: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
146d18.d30: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
147d18.d30: 000000007fff0000-ffffffffc081ffff 0x0001/0x0000 0x0000000
148d18.d30: *000000013f7c0000-000000013f7c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
149d18.d30: 000000013f7c1000-000000013f82ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
150d18.d30: 000000013f830000-000000013f830fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
151d18.d30: 000000013f831000-000000013f875fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
152d18.d30: 000000013f876000-000000013f876fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
153d18.d30: 000000013f877000-000000013f877fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
154d18.d30: 000000013f878000-000000013f87cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
155d18.d30: 000000013f87d000-000000013f87dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
156d18.d30: 000000013f87e000-000000013f87efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
157d18.d30: 000000013f87f000-000000013f882fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
158d18.d30: 000000013f883000-000000013f8cafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
159d18.d30: 000000013f8cb000-fffff8037f595fff 0x0001/0x0000 0x0000000
160d18.d30: *000007feffc00000-000007feffc00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
161d18.d30: 000007feffc01000-000007fdff851fff 0x0001/0x0000 0x0000000
162d18.d30: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
163d18.d30: 000007fffffd3000-000007fffffc9fff 0x0001/0x0000 0x0000000
164d18.d30: *000007fffffdc000-000007fffffdafff 0x0004/0x0004 0x0020000
165d18.d30: 000007fffffdd000-000007fffffdbfff 0x0001/0x0000 0x0000000
166d18.d30: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
167d18.d30: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
168d18.d30: apisetschema.dll: timestamp 0x57d2fdbf (rc=VINF_SUCCESS)
169d18.d30: VirtualBox.exe: timestamp 0x58c95b24 (rc=VINF_SUCCESS)
170d18.d30: '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe' has no imports
171d18.d30: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
172d18.d30: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
173d18.d30: supR3HardNtChildPurify: Done after 530 ms and 0 fixes (loop #0).
174d34.e94: Log file opened: 5.1.18r114002 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
175d34.e94: supR3HardenedVmProcessInit: uNtDllAddr=00000000778e0000 g_uNtVerCombined=0x611db100
176d18.d30: supR3HardNtEnableThreadCreation:
177d34.e94: ntdll.dll: timestamp 0x57d2fde1 (rc=VINF_SUCCESS)
178d34.e94: New simple heap: #1 0000000000300000 LB 0x400000 (for 1744896 allocation)
179d34.e94: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox'
180d34.e94: System32: \Device\HarddiskVolume2\Windows\System32
181d34.e94: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
182d34.e94: KnownDllPath: C:\Windows\system32
183d34.e94: supR3HardenedVmProcessInit: Opening vboxdrv stub...
184d34.e94: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
185d34.e94: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
186d34.e94: Registered Dll notification callback with NTDLL.
187d34.e94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
188d34.e94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
189d34.e94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
190d34.e94: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
191d34.e94: supR3HardenedDllNotificationCallback: load 00000000777c0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
192d34.e94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
193d34.e94: supR3HardenedDllNotificationCallback: load 000007fefd700000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
194d34.e94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
195d34.e94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
196d34.e94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000777c0000 'C:\Windows\system32\kernel32.dll'
197d34.e94: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007790a0e0 pvNtTerminateThread=000000007792c060
198d18.d30: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 16 ms.
199d34.e94: \SystemRoot\System32\ntdll.dll:
200d34.e94: CreationTime: 2016-10-13T16:13:10.665846300Z
201d34.e94: LastWriteTime: 2016-09-09T18:23:54.494442200Z
202d34.e94: ChangeTime: 2016-10-14T00:18:44.407207500Z
203d34.e94: FileAttributes: 0x20
204d34.e94: Size: 0x1a7100
205d34.e94: NT Headers: 0xe0
206d34.e94: Timestamp: 0x57d2fde1
207d34.e94: Machine: 0x8664 - amd64
208d34.e94: Timestamp: 0x57d2fde1
209d34.e94: Image Version: 6.1
210d34.e94: SizeOfImage: 0x1aa000 (1744896)
211d34.e94: Resource Dir: 0x14e000 LB 0x5a028
212d34.e94: ProductName: Microsoft® Windows® Operating System
213d34.e94: ProductVersion: 6.1.7601.23543
214d34.e94: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
215d34.e94: FileDescription: NT Layer DLL
216d34.e94: \SystemRoot\System32\kernel32.dll:
217d34.e94: CreationTime: 2016-10-13T16:13:08.515843300Z
218d34.e94: LastWriteTime: 2016-09-09T18:20:44.136000000Z
219d34.e94: ChangeTime: 2016-10-14T00:18:44.563207700Z
220d34.e94: FileAttributes: 0x20
221d34.e94: Size: 0x11c000
222d34.e94: NT Headers: 0xe0
223d34.e94: Timestamp: 0x57d2fe26
224d34.e94: Machine: 0x8664 - amd64
225d34.e94: Timestamp: 0x57d2fe26
226d34.e94: Image Version: 6.1
227d34.e94: SizeOfImage: 0x11f000 (1175552)
228d34.e94: Resource Dir: 0x116000 LB 0x528
229d34.e94: ProductName: Microsoft® Windows® Operating System
230d34.e94: ProductVersion: 6.1.7601.23543
231d34.e94: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
232d34.e94: FileDescription: Windows NT BASE API Client DLL
233d34.e94: \SystemRoot\System32\KernelBase.dll:
234d34.e94: CreationTime: 2016-10-13T16:13:08.105842700Z
235d34.e94: LastWriteTime: 2016-09-09T18:20:44.151000000Z
236d34.e94: ChangeTime: 2016-10-14T00:18:44.563207700Z
237d34.e94: FileAttributes: 0x20
238d34.e94: Size: 0x66800
239d34.e94: NT Headers: 0xe8
240d34.e94: Timestamp: 0x57d2fe27
241d34.e94: Machine: 0x8664 - amd64
242d34.e94: Timestamp: 0x57d2fe27
243d34.e94: Image Version: 6.1
244d34.e94: SizeOfImage: 0x6a000 (434176)
245d34.e94: Resource Dir: 0x68000 LB 0x530
246d34.e94: ProductName: Microsoft® Windows® Operating System
247d34.e94: ProductVersion: 6.1.7601.23543
248d34.e94: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
249d34.e94: FileDescription: Windows NT BASE API Client DLL
250d34.e94: \SystemRoot\System32\apisetschema.dll:
251d34.e94: CreationTime: 2016-10-13T16:13:06.805840900Z
252d34.e94: LastWriteTime: 2016-09-09T18:20:38.613000000Z
253d34.e94: ChangeTime: 2016-10-14T00:18:44.407207500Z
254d34.e94: FileAttributes: 0x20
255d34.e94: Size: 0x1a00
256d34.e94: NT Headers: 0xc0
257d34.e94: Timestamp: 0x57d2fdbf
258d34.e94: Machine: 0x8664 - amd64
259d34.e94: Timestamp: 0x57d2fdbf
260d34.e94: Image Version: 6.1
261d34.e94: SizeOfImage: 0x50000 (327680)
262d34.e94: Resource Dir: 0x30000 LB 0x3f8
263d34.e94: ProductName: Microsoft® Windows® Operating System
264d34.e94: ProductVersion: 6.1.7601.23543
265d34.e94: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
266d34.e94: FileDescription: ApiSet Schema DLL
267d34.e94: Found driver NisDrv (0x400)
268d34.e94: supR3HardenedWinFindAdversaries: 0x400
269d34.e94: \SystemRoot\System32\drivers\MpFilter.sys:
270d34.e94: CreationTime: 2016-08-25T07:46:12.000000000Z
271d34.e94: LastWriteTime: 2016-08-25T07:46:12.000000000Z
272d34.e94: ChangeTime: 2016-11-30T18:19:20.616000000Z
273d34.e94: FileAttributes: 0x20
274d34.e94: Size: 0x48058
275d34.e94: NT Headers: 0xe8
276d34.e94: Timestamp: 0x57a90f3d
277d34.e94: Machine: 0x8664 - amd64
278d34.e94: Timestamp: 0x57a90f3d
279d34.e94: Image Version: 10.0
280d34.e94: SizeOfImage: 0x48000 (294912)
281d34.e94: Resource Dir: 0x45000 LB 0x1090
282d34.e94: ProductName: Microsoft Malware Protection
283d34.e94: ProductVersion: 4.10.0202.0
284d34.e94: FileVersion: 4.10.0202.0
285d34.e94: FileDescription: Microsoft antimalware file system filter driver
286d34.e94: \SystemRoot\System32\drivers\NisDrvWFP.sys:
287d34.e94: CreationTime: 2015-11-13T05:50:26.000000000Z
288d34.e94: LastWriteTime: 2016-08-25T07:46:12.000000000Z
289d34.e94: ChangeTime: 2016-11-30T18:19:20.577000000Z
290d34.e94: FileAttributes: 0x20
291d34.e94: Size: 0x212f8
292d34.e94: NT Headers: 0xe8
293d34.e94: Timestamp: 0x57a90f42
294d34.e94: Machine: 0x8664 - amd64
295d34.e94: Timestamp: 0x57a90f42
296d34.e94: Image Version: 10.0
297d34.e94: SizeOfImage: 0x20000 (131072)
298d34.e94: Resource Dir: 0x1d000 LB 0x1b90
299d34.e94: ProductName: Microsoft Malware Protection
300d34.e94: ProductVersion: 4.10.0202.0
301d34.e94: FileVersion: 4.10.0202.0
302d34.e94: FileDescription: Microsoft Network Realtime Inspection Driver
303d34.e94: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox'
304d34.e94: Calling main()
305d34.e94: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
306d34.e94: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox'
307d34.e94: '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe' has no imports
308d34.e94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe)
309d34.e94: SUPR3HardenedMain: Respawn #2
310d34.e94: supR3HardNtEnableThreadCreation:
311d34.e94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
312d34.e94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
313d34.e94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
314d34.e94: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
315d34.e94: supR3HardenedDllNotificationCallback: load 000007fefd450000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
316d34.e94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
317d34.e94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd450000 'C:\Windows\system32\apphelp.dll'
318d34.e94: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007790a0e0 pvNtTerminateThread=000000007792c060
319d34.e94: supR3HardenedWinDoReSpawn(2): New child e90.cec [kernel32].
320d34.e94: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
321d34.e94: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000778e0000 uNtDllChildAddr=00000000778e0000
322d34.e94: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007790a0e0
323d34.e94: supR3HardenedWinSetupChildInit: Start child.
324d34.e94: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 4 ms.
325d34.e94: supR3HardNtChildPurify: Startup delay kludge #1/0: 517 ms, 59 sleeps
326d34.e94: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
327d34.e94: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
328d34.e94: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
329d34.e94: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
330d34.e94: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
331d34.e94: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
332d34.e94: 0000000000041000-ffffffffffe81fff 0x0001/0x0000 0x0000000
333d34.e94: *0000000000200000-0000000000103fff 0x0000/0x0004 0x0020000
334d34.e94: 00000000002fc000-00000000002f9fff 0x0104/0x0004 0x0020000
335d34.e94: 00000000002fe000-00000000002fbfff 0x0004/0x0004 0x0020000
336d34.e94: 0000000000300000-ffffffff88d1ffff 0x0001/0x0000 0x0000000
337d34.e94: *00000000778e0000-00000000778e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
338d34.e94: 00000000778e1000-00000000779ddfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
339d34.e94: 00000000779de000-0000000077a0cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
340d34.e94: 0000000077a0d000-0000000077a16fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
341d34.e94: 0000000077a17000-0000000077a17fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
342d34.e94: 0000000077a18000-0000000077a1afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
343d34.e94: 0000000077a1b000-0000000077a89fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
344d34.e94: 0000000077a8a000-0000000070533fff 0x0001/0x0000 0x0000000
345d34.e94: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
346d34.e94: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
347d34.e94: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
348d34.e94: 000000007fff0000-ffffffffc081ffff 0x0001/0x0000 0x0000000
349d34.e94: *000000013f7c0000-000000013f7c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
350d34.e94: 000000013f7c1000-000000013f82ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
351d34.e94: 000000013f830000-000000013f830fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
352d34.e94: 000000013f831000-000000013f875fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
353d34.e94: 000000013f876000-000000013f876fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
354d34.e94: 000000013f877000-000000013f877fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
355d34.e94: 000000013f878000-000000013f87cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
356d34.e94: 000000013f87d000-000000013f87dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
357d34.e94: 000000013f87e000-000000013f87efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
358d34.e94: 000000013f87f000-000000013f882fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
359d34.e94: 000000013f883000-000000013f8cafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe
360d34.e94: 000000013f8cb000-fffff8037f595fff 0x0001/0x0000 0x0000000
361d34.e94: *000007feffc00000-000007feffc00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
362d34.e94: 000007feffc01000-000007fdff851fff 0x0001/0x0000 0x0000000
363d34.e94: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
364d34.e94: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
365d34.e94: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
366d34.e94: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
367d34.e94: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
368d34.e94: apisetschema.dll: timestamp 0x57d2fdbf (rc=VINF_SUCCESS)
369d34.e94: VirtualBox.exe: timestamp 0x58c95b24 (rc=VINF_SUCCESS)
370d34.e94: '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe' has no imports
371d34.e94: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
372d34.e94: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
373d34.e94: supR3HardNtChildPurify: Done after 527 ms and 0 fixes (loop #0).
374e90.cec: Log file opened: 5.1.18r114002 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
375d34.e94: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000300000 LB 0x400000)
376e90.cec: supR3HardenedVmProcessInit: uNtDllAddr=00000000778e0000 g_uNtVerCombined=0x611db100
377d34.e94: supR3HardNtEnableThreadCreation:
378e90.cec: ntdll.dll: timestamp 0x57d2fde1 (rc=VINF_SUCCESS)
379e90.cec: New simple heap: #1 0000000000300000 LB 0x400000 (for 1744896 allocation)
380e90.cec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox'
381e90.cec: System32: \Device\HarddiskVolume2\Windows\System32
382e90.cec: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
383e90.cec: KnownDllPath: C:\Windows\system32
384e90.cec: supR3HardenedVmProcessInit: Opening vboxdrv...
385e90.cec: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
386e90.cec: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
387e90.cec: Registered Dll notification callback with NTDLL.
388e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
389e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
390e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
391e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
392e90.cec: supR3HardenedDllNotificationCallback: load 00000000777c0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
393e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
394e90.cec: supR3HardenedDllNotificationCallback: load 000007fefd700000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
395e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
396e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
397e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000777c0000 'C:\Windows\system32\kernel32.dll'
398e90.cec: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007790a0e0 pvNtTerminateThread=000000007792c060
399d34.e94: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 20 ms.
400e90.cec: \SystemRoot\System32\ntdll.dll:
401e90.cec: CreationTime: 2016-10-13T16:13:10.665846300Z
402e90.cec: LastWriteTime: 2016-09-09T18:23:54.494442200Z
403e90.cec: ChangeTime: 2016-10-14T00:18:44.407207500Z
404e90.cec: FileAttributes: 0x20
405e90.cec: Size: 0x1a7100
406e90.cec: NT Headers: 0xe0
407e90.cec: Timestamp: 0x57d2fde1
408e90.cec: Machine: 0x8664 - amd64
409e90.cec: Timestamp: 0x57d2fde1
410e90.cec: Image Version: 6.1
411e90.cec: SizeOfImage: 0x1aa000 (1744896)
412e90.cec: Resource Dir: 0x14e000 LB 0x5a028
413e90.cec: ProductName: Microsoft® Windows® Operating System
414e90.cec: ProductVersion: 6.1.7601.23543
415e90.cec: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
416e90.cec: FileDescription: NT Layer DLL
417e90.cec: \SystemRoot\System32\kernel32.dll:
418e90.cec: CreationTime: 2016-10-13T16:13:08.515843300Z
419e90.cec: LastWriteTime: 2016-09-09T18:20:44.136000000Z
420e90.cec: ChangeTime: 2016-10-14T00:18:44.563207700Z
421e90.cec: FileAttributes: 0x20
422e90.cec: Size: 0x11c000
423e90.cec: NT Headers: 0xe0
424e90.cec: Timestamp: 0x57d2fe26
425e90.cec: Machine: 0x8664 - amd64
426e90.cec: Timestamp: 0x57d2fe26
427e90.cec: Image Version: 6.1
428e90.cec: SizeOfImage: 0x11f000 (1175552)
429e90.cec: Resource Dir: 0x116000 LB 0x528
430e90.cec: ProductName: Microsoft® Windows® Operating System
431e90.cec: ProductVersion: 6.1.7601.23543
432e90.cec: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
433e90.cec: FileDescription: Windows NT BASE API Client DLL
434e90.cec: \SystemRoot\System32\KernelBase.dll:
435e90.cec: CreationTime: 2016-10-13T16:13:08.105842700Z
436e90.cec: LastWriteTime: 2016-09-09T18:20:44.151000000Z
437e90.cec: ChangeTime: 2016-10-14T00:18:44.563207700Z
438e90.cec: FileAttributes: 0x20
439e90.cec: Size: 0x66800
440e90.cec: NT Headers: 0xe8
441e90.cec: Timestamp: 0x57d2fe27
442e90.cec: Machine: 0x8664 - amd64
443e90.cec: Timestamp: 0x57d2fe27
444e90.cec: Image Version: 6.1
445e90.cec: SizeOfImage: 0x6a000 (434176)
446e90.cec: Resource Dir: 0x68000 LB 0x530
447e90.cec: ProductName: Microsoft® Windows® Operating System
448e90.cec: ProductVersion: 6.1.7601.23543
449e90.cec: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
450e90.cec: FileDescription: Windows NT BASE API Client DLL
451e90.cec: \SystemRoot\System32\apisetschema.dll:
452e90.cec: CreationTime: 2016-10-13T16:13:06.805840900Z
453e90.cec: LastWriteTime: 2016-09-09T18:20:38.613000000Z
454e90.cec: ChangeTime: 2016-10-14T00:18:44.407207500Z
455e90.cec: FileAttributes: 0x20
456e90.cec: Size: 0x1a00
457e90.cec: NT Headers: 0xc0
458e90.cec: Timestamp: 0x57d2fdbf
459e90.cec: Machine: 0x8664 - amd64
460e90.cec: Timestamp: 0x57d2fdbf
461e90.cec: Image Version: 6.1
462e90.cec: SizeOfImage: 0x50000 (327680)
463e90.cec: Resource Dir: 0x30000 LB 0x3f8
464e90.cec: ProductName: Microsoft® Windows® Operating System
465e90.cec: ProductVersion: 6.1.7601.23543
466e90.cec: FileVersion: 6.1.7601.23543 (win7sp1_ldr.160909-0600)
467e90.cec: FileDescription: ApiSet Schema DLL
468e90.cec: Found driver NisDrv (0x400)
469e90.cec: supR3HardenedWinFindAdversaries: 0x400
470e90.cec: \SystemRoot\System32\drivers\MpFilter.sys:
471e90.cec: CreationTime: 2016-08-25T07:46:12.000000000Z
472e90.cec: LastWriteTime: 2016-08-25T07:46:12.000000000Z
473e90.cec: ChangeTime: 2016-11-30T18:19:20.616000000Z
474e90.cec: FileAttributes: 0x20
475e90.cec: Size: 0x48058
476e90.cec: NT Headers: 0xe8
477e90.cec: Timestamp: 0x57a90f3d
478e90.cec: Machine: 0x8664 - amd64
479e90.cec: Timestamp: 0x57a90f3d
480e90.cec: Image Version: 10.0
481e90.cec: SizeOfImage: 0x48000 (294912)
482e90.cec: Resource Dir: 0x45000 LB 0x1090
483e90.cec: ProductName: Microsoft Malware Protection
484e90.cec: ProductVersion: 4.10.0202.0
485e90.cec: FileVersion: 4.10.0202.0
486e90.cec: FileDescription: Microsoft antimalware file system filter driver
487e90.cec: \SystemRoot\System32\drivers\NisDrvWFP.sys:
488e90.cec: CreationTime: 2015-11-13T05:50:26.000000000Z
489e90.cec: LastWriteTime: 2016-08-25T07:46:12.000000000Z
490e90.cec: ChangeTime: 2016-11-30T18:19:20.577000000Z
491e90.cec: FileAttributes: 0x20
492e90.cec: Size: 0x212f8
493e90.cec: NT Headers: 0xe8
494e90.cec: Timestamp: 0x57a90f42
495e90.cec: Machine: 0x8664 - amd64
496e90.cec: Timestamp: 0x57a90f42
497e90.cec: Image Version: 10.0
498e90.cec: SizeOfImage: 0x20000 (131072)
499e90.cec: Resource Dir: 0x1d000 LB 0x1b90
500e90.cec: ProductName: Microsoft Malware Protection
501e90.cec: ProductVersion: 4.10.0202.0
502e90.cec: FileVersion: 4.10.0202.0
503e90.cec: FileDescription: Microsoft Network Realtime Inspection Driver
504e90.cec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox'
505e90.cec: Calling main()
506e90.cec: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
507e90.cec: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox'
508e90.cec: '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe' has no imports
509e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.exe)
510e90.cec: SUPR3HardenedMain: Final process, opening VBoxDrv...
511e90.cec: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000300000 LB 0x400000)
512e90.cec: supR3HardNtEnableThreadCreation:
513e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxSupLib.dll)
514e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxSupLib.dll
515e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fb821:<flags> [calling]
516e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
517e90.cec: supR3HardenedDllNotificationCallback: load 000007fee7190000 LB 0x00005000 C:\Program Files\Oracle VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
518e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
519e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
520e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002f8fa1:<flags> [calling]
521e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7190000 'C:\Program Files\Oracle VirtualBox\VBoxSupLib.DLL'
522e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
523e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002f8fa1:<flags> [calling]
524e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7190000 'C:\Program Files\Oracle VirtualBox\VBoxSupLib.DLL'
525e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7190000 'C:\Program Files\Oracle VirtualBox\VBoxSupLib.DLL'
526e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
527e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
528e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
529e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
530e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
531e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
532e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
533e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
534e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
535e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
536e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
537e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
538e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
539e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
540e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
541e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
542e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
543e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
544e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
545e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
546e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
547e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
548e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
549e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
550e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
551e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
552e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
553e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
554e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
555e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
556e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fd631:<flags> [calling]
557e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
558e90.cec: supR3HardenedDllNotificationCallback: load 000007fefd770000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
559e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
560e90.cec: supR3HardenedDllNotificationCallback: load 000007fefecb0000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
561e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
562e90.cec: supR3HardenedDllNotificationCallback: load 000007fefd7c0000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
563e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
564e90.cec: supR3HardenedDllNotificationCallback: load 000007fefd620000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
565e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
566e90.cec: supR3HardenedDllNotificationCallback: load 000007fefe900000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
567e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
568e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd770000 'C:\Windows\system32\Wintrust.dll'
569e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
570e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
571e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fd631:<flags> [calling]
572e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
573e90.cec: supR3HardenedDllNotificationCallback: load 000007fefcf80000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
574e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
575e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf80000 'C:\Windows\system32\bcrypt.dll'
576e90.cec: bcrypt.dll loaded at 000007fefcf80000, BCryptOpenAlgorithmProvider at 000007fefcf82640, preloading providers:
577e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
578e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
579e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
580e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
581e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
582e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
583e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
584e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
585e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
586e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
587e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
588e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
589e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
590e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
591e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
592e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
593e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
594e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
595e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
596e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fd621:<flags> [calling]
597e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
598e90.cec: supR3HardenedDllNotificationCallback: load 000007fefca70000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
599e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
600e90.cec: supR3HardenedDllNotificationCallback: load 000007feff7d0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
601e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
602e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
603e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
604e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
605e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
606e90.cec: supR3HardenedDllNotificationCallback: load 000007feff7b0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
607e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
608e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca70000 'C:\Windows\system32\bcryptprimitives.dll'
609e90.cec: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000008bb770)
610e90.cec: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000008bd740)
611e90.cec: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000008bd860)
612e90.cec: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000008bd980)
613e90.cec: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000008bdaa0)
614e90.cec: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000008bdbc0)
615e90.cec: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000008bde00)
616e90.cec: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000008bdf20)
617e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
618e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
619e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
620e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
621e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
622e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
623e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
624e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
625e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fd181:<flags> [calling]
626e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
627e90.cec: supR3HardenedDllNotificationCallback: load 000007fefd040000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
628e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
629e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd040000 'C:\Windows\system32\CRYPTSP.dll'
630e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
631e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
632e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
633e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
634e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
635e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
636e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fd111:<flags> [calling]
637e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
638e90.cec: supR3HardenedDllNotificationCallback: load 000007fefcb50000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
639e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
640e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb50000 'C:\Windows\system32\rsaenh.dll'
641e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
642e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fc9a1:<flags> [calling]
643e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff7d0000 'C:\Windows\system32\ADVAPI32.dll'
644e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
645e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
646e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fcd21:<flags> [calling]
647e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
648e90.cec: supR3HardenedDllNotificationCallback: load 000007fefd4b0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
649e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
650e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4b0000 'C:\Windows\system32\CRYPTBASE.dll'
651e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
652e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fc751:<flags> [calling]
653e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000777c0000 'C:\Windows\system32\kernel32.dll'
654e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
655e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fd0e1:<flags> [calling]
656e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd770000 'C:\Windows\system32\WINTRUST.DLL'
657e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
658e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002fcf11:<flags> [calling]
659e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7c0000 'C:\Windows\system32\CRYPT32.dll'
660e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
661e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
662e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
663e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
664e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
665e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
666e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
667e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
668e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
669e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
670e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fcf61:<flags> [calling]
671e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
672e90.cec: supR3HardenedDllNotificationCallback: load 000007feff4b0000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
673e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
674e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4b0000 'C:\Windows\system32\imagehlp.dll'
675e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
676e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fd0b1:<flags> [calling]
677e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd040000 'C:\Windows\system32\CRYPTSP.dll'
678e90.cec: \Device\HarddiskVolume2\Windows\System32\user32.dll: Owner is administrators group.
679e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
680e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
681e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
682e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
683e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
684e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
685e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
686e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
687e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
688e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
689e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
690e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
691e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
692e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
693e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
694e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
695e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
696e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
697e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
698e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
699e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
700e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
701e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
702e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
703e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
704e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
705e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
706e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
707e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
708e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
709e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
710e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
711e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
712e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
713e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
714e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
715e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
716e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
717e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
718e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
719e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
720e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fcbe1:<flags> [calling]
721e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
722e90.cec: supR3HardenedDllNotificationCallback: load 00000000776c0000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
723e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
724e90.cec: supR3HardenedDllNotificationCallback: load 000007feffb80000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
725e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
726e90.cec: supR3HardenedDllNotificationCallback: load 000007fefea30000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
727e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
728e90.cec: supR3HardenedDllNotificationCallback: load 000007fefef60000 LB 0x000ca000 C:\Windows\system32\USP10.dll [fFlags=0x0]
729e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
730e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
731e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fc0e1:<flags> [calling]
732e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffb80000 'C:\Windows\system32\gdi32.dll'
733e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
734e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
735e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
736e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
737e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
738e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
739e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
740e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
741e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
742e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
743e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
744e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
745e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
746e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
747e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
748e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
749e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
750e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
751e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
752e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
753e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
754e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
755e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
756e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
757e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
758e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
759e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
760e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
761e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
762e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
763e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
764e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fba21:<flags> [calling]
765e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
766e90.cec: supR3HardenedDllNotificationCallback: load 000007feff480000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
767e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
768e90.cec: supR3HardenedDllNotificationCallback: load 000007fefd9d0000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
769e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
770e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff480000 'C:\Windows\system32\IMM32.DLL'
771e90.cec: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\nvinitx.dll': 5 (NtPath=\??\C:\Windows\system32\nvinitx.dll; Input=C:\Windows\system32\nvinitx.dll; rcNtGetDll=0x0
772e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\nvinitx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fb631:<flags> [calling]
773e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\nvinitx.dll'
774e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000776c0000 'C:\Windows\system32\USER32.dll'
775e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
776e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
777e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
778e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
779e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
780e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
781e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
782e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
783e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
784e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
785e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
786e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
787e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
788e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
789e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fcee1:<flags> [calling]
790e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
791e90.cec: supR3HardenedDllNotificationCallback: load 000007fefcfb0000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
792e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
793e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfb0000 'C:\Windows\system32\ncrypt.dll'
794e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
795e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fccd1:<flags> [calling]
796e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf80000 'C:\Windows\system32\bcrypt.dll'
797e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
798e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
799e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
800e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
801e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
802e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
803e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
804e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
805e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
806e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
807e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
808e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
809e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
810e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
811e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
812e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
813e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
814e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
815e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
816e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fc661:<flags> [calling]
817e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
818e90.cec: supR3HardenedDllNotificationCallback: load 000007fefd6a0000 LB 0x0001f000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
819e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
820e90.cec: supR3HardenedDllNotificationCallback: load 000007fefd610000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
821e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
822e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6a0000 'C:\Windows\system32\USERENV.dll'
823e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002fc3c1:<flags> [calling]
824e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff7b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
825e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002fc751:<flags> [calling]
826e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff7b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
827e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
828e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
829e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
830e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
831e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
832e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
833e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
834e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
835e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
836e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
837e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fc981:<flags> [calling]
838e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
839e90.cec: supR3HardenedDllNotificationCallback: load 000007fefc8c0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
840e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
841e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc8c0000 'C:\Windows\system32\GPAPI.dll'
842e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002fc8d1:<flags> [calling]
843e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff7b0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
844e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
845e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fbfd1:<flags> [calling]
846e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe900000 'C:\Windows\system32\rpcrt4.dll'
847e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002fc8b1:<flags> [calling]
848e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff7b0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
849e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002fc8c1:<flags> [calling]
850e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff7b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
851e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
852e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
853e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
854e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
855e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
856e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
857e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
858e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
859e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
860e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
861e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
862e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
863e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
864e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
865e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
866e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
867e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
868e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
869e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
870e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
871e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
872e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
873e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
874e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fc3c1:<flags> [calling]
875e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
876e90.cec: supR3HardenedDllNotificationCallback: load 000007fef9180000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
877e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
878e90.cec: supR3HardenedDllNotificationCallback: load 000007fefeae0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
879e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
880e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
881e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002fb5f1:<flags> [calling]
882e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9180000 'C:\Windows\system32\cryptnet.dll'
883e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
884e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002fb5f1:<flags> [calling]
885e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9180000 'C:\Windows\system32\cryptnet.dll'
886e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
887e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002fb5f1:<flags> [calling]
888e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9180000 'C:\Windows\system32\cryptnet.dll'
889e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
890e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002fb5f1:<flags> [calling]
891e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9180000 'C:\Windows\system32\cryptnet.dll'
892e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
893e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002fb5f1:<flags> [calling]
894e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9180000 'C:\Windows\system32\cryptnet.dll'
895e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
896e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002fb5f1:<flags> [calling]
897e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9180000 'C:\Windows\system32\cryptnet.dll'
898e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
899e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9180000 'C:\Windows\system32\cryptnet.dll'
900e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
901e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9180000 'C:\Windows\system32\cryptnet.dll'
902e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
903e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9180000 'C:\Windows\system32\cryptnet.dll'
904e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
905e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9180000 'C:\Windows\system32\cryptnet.dll'
906e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
907e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9180000 'C:\Windows\system32\cryptnet.dll'
908e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9180000 'C:\Windows\system32\cryptnet.dll'
909e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
910e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9180000 'C:\Windows\system32\cryptnet.dll'
911e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002fbce1:<flags> [calling]
912e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff7b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
913e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
914e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fbce1:<flags> [calling]
915e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd610000 'C:\Windows\system32\profapi.dll'
916e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
917e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
918e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
919e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
920e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
921e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
922e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
923e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
924e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
925e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
926e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
927e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
928e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
929e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
930e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fb771:<flags> [calling]
931e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
932e90.cec: supR3HardenedDllNotificationCallback: load 000007fefec30000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
933e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
934e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec30000 'C:\Windows\system32\SHLWAPI.dll'
935e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
936e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000009680a0
937e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009680a0
938e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BC58830709AC8FEA95A077670C8A79A4F511C996
939e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002fc6a1:<flags> [calling]
940e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff7b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
941e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002fc201:<flags> [calling]
942e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff7b0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
943e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002fc201:<flags> [calling]
944e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff7b0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
945e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
946e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fc6a1:<flags> [calling]
947e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff7d0000 'C:\Windows\system32\ADVAPI32.dll'
948e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002fc651:<flags> [calling]
949e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff7b0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
950e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002fc341:<flags> [calling]
951e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff7b0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
952e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_137_for_KB3192403~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
953e90.cec: g_pfnWinVerifyTrust=000007fefd771010
954e90.cec: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
955e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
956e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009680a0
957e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009680a0
958e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3AF990F37D753AA60690FC7939ADB03EE893B58C
959e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_287_for_KB3185330~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
960e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
961e90.cec: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
962e90.cec: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
963e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
964e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009680a0
965e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009680a0
966e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8A284C43D9CD4E55273B385170EFA8FC455EB8C
967e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_137_for_KB3192403~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
968e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
969e90.cec: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
970e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
971e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009680a0
972e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009680a0
973e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=075C186B9EBBDEFAE43835198B8FA4897C63C80A
974e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
975e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
976e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
977e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
978e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009680a0
979e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009680a0
980e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B7B3B5F7B52853C4CEAA05E6163F5C4AF1132695
981e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
982e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
983e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
984e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
985e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009680a0
986e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009680a0
987e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67EE3A294226F707ED5FD1E644414962E2DF2864
988e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_137_for_KB3192403~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
989e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
990e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
991e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000025c pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
992e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009680a0
993e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009680a0
994e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDAA16C3FD93DFF9C20BA3B2689DFF4C8D31061
995e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3159398~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
996e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
997e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
998e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
999e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009680a0
1000e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009680a0
1001e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1002e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1003e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1004e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1005e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
1006e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009680a0
1007e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009680a0
1008e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4D9F8AE55E46F7953AA1EFA379D76F2A76D6983B
1009e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1010e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1011e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1012e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b0 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1013e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009680a0
1014e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009680a0
1015e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DB43BC80C977C81424019EACECB86A14243FDB1C
1016e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_137_for_KB3192403~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1017e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1018e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1019e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
1020e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009680a0
1021e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009680a0
1022e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AC3A69E7F0F21E3443489E631E36BC69EC1C982A
1023e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1024e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1025e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1026e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
1027e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009680a0
1028e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009680a0
1029e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C0711589B5C71949BF83C0050BD6CCD5C563CB82
1030e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1031e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1032e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1033e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
1034e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009680a0
1035e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009680a0
1036e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2A3AE6C8E594E10B97CD89E5C9A11E2FC1124943
1037e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1038e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1039e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1040e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
1041e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009680a0
1042e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009680a0
1043e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B248FC58436AAEFEF00A75FCE0F004E89F8C7F94
1044e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3164033~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1045e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1046e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1047e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
1048e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009680a0
1049e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009680a0
1050e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C26B6C5525D45228994D185B3C08A3BC03FF6AFF
1051e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3164035~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1052e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1053e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1054e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
1055e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009680a0
1056e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009680a0
1057e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB05A6DD4AF9AC247D37C4B7BAFCCBD178A41E64
1058e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
1059e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000096ad90
1060e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1061e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB05A6DD4AF9AC247D37C4B7BAFCCBD178A41E64
1062e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
1063e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000096ae50
1064e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ae50
1065e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=7458187B83265348D287AC7AB34C0A5AD0EFDAA5040E43F37D2AC3DBEB747E20
1066e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
1067e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1068e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1069e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1070e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1071e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1072e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4196077E577B8C9A37A0393FF352B04A96D1BD25
1073e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1074e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1075e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1076e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000134 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1077e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1078e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1079e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C12E112BE267DAB0552EDF29018D7B535A9B940
1080e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_137_for_KB3192403~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1081e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1082e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1083e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1084e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1085e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1086e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1087e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CECCA98E04985A576883E9A9AD8AF2140526B576
1088e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_137_for_KB3192403~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1089e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1090e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1091e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
1092e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1093e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1094e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9417957BEBAB30D0967EBB53DB5B3602DF9D0DA0
1095e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1096e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1097e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1098e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
1099e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1100e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1101e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=316CD6106AA5912D3BC1F9EC32A614FC739E9A55
1102e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_300_for_KB3192403~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1103e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1104e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1105e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1106e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1107e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1108e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1109e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1110e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1111e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1112e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1113e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1114e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1115e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1116e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F543D9693ED83595BA3E87097E428D8B06956700
1117e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1118e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1119e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1120e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1121e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1122e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1123e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=71CB8510727C0FFA0BCEEFFACE63ACD80E6D9E25
1124e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1125e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1126e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1127e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1128e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1129e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1130e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F992ED2532F3F532E22AE18754AD66D6067F2F8A
1131e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_137_for_KB3192403~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1132e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1133e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1134e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxSupLib.dll'
1135e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1136e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1137e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1138e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1505BBC6CEC0A54FF4AD78E1102582ADE56BB5EC
1139e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_137_for_KB3192403~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1140e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1141e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1142e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1143e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1144e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1145e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8EA17CD6E0302216E1E0EC2685425C8C04B56277
1146e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_137_for_KB3192403~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1147e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1148e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1149e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1150e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fc141:<flags> [calling]
1151e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7c0000 'C:\Windows\system32\crypt32.dll'
1152e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1153e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1154e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1155e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1156e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1157e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1158e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1159e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1160e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x75a2ccecb8259a00 C=TW, O=Government Root Certification Authority
1161e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1162e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1163e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
1164e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1165e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1166e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1167e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1168e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1169e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1170e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
1171e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1172e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1173e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1174e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1175e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1176e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1177e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1178e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1179e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1180e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1181e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1182e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1183e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1184e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1185e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
1186e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
1187e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1188e90.cec: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1189e90.cec: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=37
1190e90.cec: SUPR3HardenedMain: Load Runtime...
1191e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1192e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1193e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1194e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1195e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll) WinVerifyTrust
1196e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
1197e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1198e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1199e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1200e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1201e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1202e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003ac pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1203e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1204e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1205e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=901DCB8172024F14E25295BF5692180F12FC8C18
1206e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1207e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1208e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1209e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1210e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1211e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1212e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1213e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1214e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1215e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1216e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll) WinVerifyTrust
1217e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll
1218e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1219e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1220e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll) WinVerifyTrust
1221e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll
1222e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1223e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1224e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll
1225e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1226e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1227e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000418 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1228e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1229e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1230e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AE18DF13EDD042527B9D18576EE0514B174199E3
1231e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1232e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1233e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
1234e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1235e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1236e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1237e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1238e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1239e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1240e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1241e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fc471:<flags> [calling]
1242e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
1243e90.cec: supR3HardenedDllNotificationCallback: load 000007fee61d0000 LB 0x0053c000 C:\Program Files\Oracle VirtualBox\VBoxRT.dll [fFlags=0x0]
1244e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
1245e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll
1246e90.cec: supR3HardenedDllNotificationCallback: load 0000000067af0000 LB 0x000d2000 C:\Program Files\Oracle VirtualBox\MSVCR100.dll [fFlags=0x0]
1247e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll
1248e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll
1249e90.cec: supR3HardenedDllNotificationCallback: load 0000000067c10000 LB 0x00098000 C:\Program Files\Oracle VirtualBox\MSVCP100.dll [fFlags=0x0]
1250e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll
1251e90.cec: supR3HardenedDllNotificationCallback: load 000007fefeb40000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1252e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1253e90.cec: supR3HardenedDllNotificationCallback: load 000007fefdae0000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1254e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1255e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
1256e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002f9bb1:<flags> [calling]
1257e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1258e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
1259e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002f9bb1:<flags> [calling]
1260e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1261e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
1262e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002f9bb1:<flags> [calling]
1263e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1264e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
1265e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002f9bb1:<flags> [calling]
1266e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1267e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
1268e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002f9bb1:<flags> [calling]
1269e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1270e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
1271e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002f9bb1:<flags> [calling]
1272e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1273e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1274e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1275e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1276e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1277e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1278e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1279e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1280e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
1281e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002f9bb1:<flags> [calling]
1282e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1283e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1284e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1285e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1286e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1287e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1288e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1289e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1290e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1291e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1292e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1293e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1294e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1295e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1296e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1297e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1298e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VBoxRT.dll
1299e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002f9bb1:<flags> [calling]
1300e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1301e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1302e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1303e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee61d0000 'C:\Program Files\Oracle VirtualBox\VBoxRT.dll'
1304e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1305e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fdfd1:<flags> [calling]
1306e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd770000 'C:\Windows\system32\Wintrust.dll'
1307e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1308e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fcb21:<flags> [calling]
1309e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7c0000 'C:\Windows\system32\crypt32.dll'
1310e90.cec: SUPR3HardenedMain: Load TrustedMain...
1311e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1312e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1313e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1314e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1315e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1316e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
1317e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
1318e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
1319e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1320e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1321e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1322e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1323e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1324e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1325e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1326e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.dll) WinVerifyTrust
1327e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.dll
1328e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1329e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1330e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000045c pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1331e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1332e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1333e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4E9A8D553148BED7B65ED40DA3FFB207DB1EAA55
1334e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1335e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1336e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1337e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1338e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1339e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1340e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1341e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1342e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000043c pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1343e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1344e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1345e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DA3E83E74A541ECA00DF9E1B5AA0999E45845CD9
1346e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3184122~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1347e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1348e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1349e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1350e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1351e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1352e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1353e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
1354e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1355e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1356e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1357e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000468 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1358e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1359e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1360e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0D0E2D574BA619316D85AB73B5E0DDD89991AC2E
1361e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1362e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1363e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1364e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1365e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1366e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1367e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
1368e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1369e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1370e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1371e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000474 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1372e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1373e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1374e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F13C2B4E594038A8834146A1D81AAE9B43ED8649
1375e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_41_for_KB3184143~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1376e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1377e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1378e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1379e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1380e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1381e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1382e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1383e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1384e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1385e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1386e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1387e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1388e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1389e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1390e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1391e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1392e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1393e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1394e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1395e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5OpenGLVBox.dll
1396e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1397e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1398e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1399e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1400e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1401e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1402e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1403e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1404e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1405e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1406e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1407e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5PrintSupportVBox.dll
1408e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1409e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1410e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1411e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1412e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1413e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1414e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1415e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1416e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1417e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
1418e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5WidgetsVBox.dll
1419e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1420e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1421e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1422e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1423e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1424e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1425e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1426e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1427e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1428e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
1429e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5GuiVBox.dll
1430e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1431e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1432e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1433e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1434e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1435e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1436e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1437e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1438e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1439e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1440e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
1441e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5CoreVBox.dll
1442e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1443e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1444e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll
1445e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1446e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1447e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll
1448e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1449e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1450e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1451e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1452e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1453e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1454e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1455e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F331C42EC112FD278802B13D0ABF1F7F7FAADC60
1456e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_386_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1457e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1458e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1459e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1460e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1461e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1462e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1463e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1464e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
1465e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1466e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1467e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1468e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1469e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1470e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000488 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1471e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1472e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1473e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1474e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1475e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1476e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1477e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1478e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1479e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1480e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1481e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1482e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
1483e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1484e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1485e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1486e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1487e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1488e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1489e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07408AD5E39551BE479215B6694E8769C3AB0A25
1490e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_386_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1491e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1492e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1493e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1494e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1495e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
1496e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1497e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1498e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1499e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1500e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1501e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1502e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1503e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1504e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1505e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1506e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1507e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll
1508e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1509e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1510e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll
1511e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1512e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1513e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
1514e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1515e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1516e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
1517e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
1518e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1519e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
1520e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
1521e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1522e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1523e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1524e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1525e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1526e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1527e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1528e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1529e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1530e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1531e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1532e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1533e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1534e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1535e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1536e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1537e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll
1538e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1539e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1540e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll
1541e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1542e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1543e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5CoreVBox.dll
1544e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1545e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1546e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1547e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1548e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1549e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1550e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1551e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1552e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1553e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1554e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1555e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1556e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll
1557e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1558e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1559e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcp100.dll
1560e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1561e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1562e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1563e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1564e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1565e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5CoreVBox.dll
1566e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1567e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1568e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5GuiVBox.dll
1569e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1570e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1571e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1572e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1573e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1574e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1575e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll
1576e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1577e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1578e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1579e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1580e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1581e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1B7749647FCDDFFCFF3CBCB640B19EB14D1A00
1582e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1583e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1584e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1585e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1586e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1587e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1588e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1589e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1590e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
1591e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1592e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1593e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1594e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b4 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1595e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1596e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1597e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5955B5BC5D362A16362FF8902973FBB7E12403F3
1598e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1599e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1600e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1601e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1602e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1603e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
1604e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1605e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1606e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1607e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5CoreVBox.dll
1608e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1609e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1610e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5GuiVBox.dll
1611e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1612e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1613e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5WidgetsVBox.dll
1614e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1615e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1616e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1617e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1618e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1619e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1620e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1621e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1622e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5CoreVBox.dll
1623e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1624e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1625e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5GuiVBox.dll
1626e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1627e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1628e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5WidgetsVBox.dll
1629e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1630e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1631e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1632e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1633e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1634e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1635e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1636e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1637e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1638e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1639e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1640e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1641e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1642e90.cec: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1643e90.cec: Error (rc=0):
1644e90.cec: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume2\Windows\System32\user32.dll
1645e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1646e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1647e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1648e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1649e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1650e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1651e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1652e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1653e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1654e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1655e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1656e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1657e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1658e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1659e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1660e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1661e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1662e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1663e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1664e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1665e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1666e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1667e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1668e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1669e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1670e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1671e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1672e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1673e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1674e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1675e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1676e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1677e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1678e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=308DD516BDAC71083E63F74CF9F2CF305AB7C424
1679e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1680e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1681e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1682e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1683e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1684e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
1685e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1686e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1687e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1688e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1689e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1690e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1691e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1692e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1693e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1694e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1695e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1696e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1697e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1698e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1699e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1700e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1701e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1702e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1703e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1704e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1705e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1706e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1707e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1708e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8BA070FC48B59A14F38A79995E6F3990D04EA2F7
1709e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1710e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1711e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1712e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1713e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1714e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
1715e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1716e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1717e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1718e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1719e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1720e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1721e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=638814E4F1F08BDE3B0DCBA93F02F14791D811C7
1722e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1723e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1724e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
1725e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
1726e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1727e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1728e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1729e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1730e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
1731e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
1732e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1733e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1734e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1735e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1736e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1737e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1738e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1739e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1740e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EB130FE5667C75A1CCDD15015B9391131942AA9
1741e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3164033~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1742e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1743e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1744e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1745e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1746e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
1747e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1748e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1749e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1750e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1751e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1752e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1753e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1754e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1755e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1756e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1757e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1758e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1759e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1760e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1761e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1762e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1763e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2FD0008F21C440BEC05CC950BF703010DCBAA292
1764e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1765e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1766e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1767e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
1768e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
1769e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
1770e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1771e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1772e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1773e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1774e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1775e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1776e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1777e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1778e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1779e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1780e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1781e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1782e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1783e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1784e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000096ad90
1785e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000096ad90
1786e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3AB181E88445DB552B76A85CA3B4C1F95F1C6AB1
1787e90.cec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1730_for_KB3125574~31bf3856ad364e35~amd64~~6.1.4.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1788e90.cec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1789e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1790e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1791e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1792e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
1793e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1794e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1795e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1796e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1797e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1798e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1799e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1800e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1801e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1802e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1803e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1804e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1805e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1806e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1807e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1808e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1809e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1810e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1811e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1812e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1813e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1814e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1815e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1816e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1817e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fc481:<flags> [calling]
1818e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.dll
1819e90.cec: supR3HardenedDllNotificationCallback: load 000007fee58e0000 LB 0x008e8000 C:\Program Files\Oracle VirtualBox\VirtualBox.dll [fFlags=0x0]
1820e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\VirtualBox.dll
1821e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1822e90.cec: supR3HardenedDllNotificationCallback: load 000007feeeb10000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1823e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1824e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1825e90.cec: supR3HardenedDllNotificationCallback: load 000007fef9400000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1826e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1827e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1828e90.cec: supR3HardenedDllNotificationCallback: load 000007feeea10000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1829e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1830e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1831e90.cec: supR3HardenedDllNotificationCallback: load 000007fef94a0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
1832e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1833e90.cec: supR3HardenedDllNotificationCallback: load 000007feff030000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
1834e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1835e90.cec: supR3HardenedDllNotificationCallback: load 000007fefd6c0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1836e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1837e90.cec: supR3HardenedDllNotificationCallback: load 000007feff210000 LB 0x000da000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1838e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1839e90.cec: supR3HardenedDllNotificationCallback: load 000007fefed50000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1840e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1841e90.cec: supR3HardenedDllNotificationCallback: load 000007fefd670000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1842e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1843e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1844e90.cec: supR3HardenedDllNotificationCallback: load 000007fefc390000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1845e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1846e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5CoreVBox.dll
1847e90.cec: supR3HardenedDllNotificationCallback: load 0000000067580000 LB 0x00566000 C:\Program Files\Oracle VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1848e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5CoreVBox.dll
1849e90.cec: supR3HardenedDllNotificationCallback: load 000007fefdaf0000 LB 0x00d8a000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1850e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1851e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
1852e90.cec: supR3HardenedDllNotificationCallback: load 000007fef5b40000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
1853e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
1854e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5GuiVBox.dll
1855e90.cec: supR3HardenedDllNotificationCallback: load 000007fee52e0000 LB 0x005f7000 C:\Program Files\Oracle VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1856e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5GuiVBox.dll
1857e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5WidgetsVBox.dll
1858e90.cec: supR3HardenedDllNotificationCallback: load 0000000067010000 LB 0x00561000 C:\Program Files\Oracle VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1859e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5WidgetsVBox.dll
1860e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5PrintSupportVBox.dll
1861e90.cec: supR3HardenedDllNotificationCallback: load 000007fee6bf0000 LB 0x00051000 C:\Program Files\Oracle VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
1862e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5PrintSupportVBox.dll
1863e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1864e90.cec: supR3HardenedDllNotificationCallback: load 000007fef7610000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
1865e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1866e90.cec: supR3HardenedDllNotificationCallback: load 000007fefeb90000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
1867e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1868e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1869e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1870e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1871e90.cec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
1872e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
1873e90.cec: supR3HardenedDllNotificationCallback: load 000007fef7690000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
1874e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
1875e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5OpenGLVBox.dll
1876e90.cec: supR3HardenedDllNotificationCallback: load 0000000066fb0000 LB 0x00054000 C:\Program Files\Oracle VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1877e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5OpenGLVBox.dll
1878e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1879e90.cec: supR3HardenedDllNotificationCallback: load 000007fef1330000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
1880e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1881e90.cec: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
1882e90.cec: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
1883e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1884e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1885e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1886e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1887e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1888e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1889e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1890e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fba51:<flags> [calling]
1891e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff480000 'C:\Windows\system32\imm32.dll'
1892e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff7d0000 'C:\Windows\system32\ADVAPI32.DLL'
1893e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1894e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1895e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4b0000 'C:\Windows\system32\cryptbase.dll'
1896e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee58e0000 'C:\Program Files\Oracle VirtualBox\VirtualBox.dll'
1897e90.cec: SUPR3HardenedMain: Calling TrustedMain (000007fee58e1610)...
1898e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1899e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fdd81:<flags> [calling]
1900e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed50000 'C:\Windows\system32\ole32.dll'
1901e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff7d0000 'C:\Windows\system32\ADVAPI32.dll'
1902e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
1903e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fc461:<flags> [calling]
1904e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd610000 'C:\Windows\system32\profapi.dll'
1905e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1906e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
1907e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1908e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1909e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1910e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1911e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1912e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1913e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
1914e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
1915e90.cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
1916e90.cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\platforms\qwindows.dll) WinVerifyTrust
1917e90.cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\platforms\qwindows.dll
1918e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1919e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1920e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1921e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1922e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5CoreVBox.dll
1923e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1924e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1925e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\Qt5GuiVBox.dll
1926e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1927e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1928e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1929e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1930e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1931e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1932e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1933e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1934e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1935e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1936e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1937e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1938e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1939e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1940e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1941e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1942e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1943e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1944e90.cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1945e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1946e90.cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1947e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fe751:<flags> [calling]
1948e90.cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\platforms\qwindows.dll
1949e90.cec: supR3HardenedDllNotificationCallback: load 000007fee6ac0000 LB 0x0012e000 C:\Program Files\Oracle VirtualBox\platforms\qwindows.dll [fFlags=0x0]
1950e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle VirtualBox\platforms\qwindows.dll
1951e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6ac0000 'C:\Program Files\Oracle VirtualBox\platforms\qwindows.dll'
1952e90.cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1953e90.cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002fe681:<flags> [calling]
1954e90.cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4b0000 'C:\Windows\system32\CRYPTBASE.dll'
1955d34.e94: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 959 ms, the end);
1956d18.d30: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1518 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy